Topic: Password Change - Log File ?

[treyh]

Hello,

I believe someone is changing the root/admin password via the server-manager and lying about it.

What log can I check to verify if this is true or not?

Trey

[treyh]

I went to the server manager and used the view log utility to view the messages log

Found this  

Oct 25 10:02:55 mail PAM_pwdb[8140]: password for (root/0) changed by (root/0)
Oct 25 10:03:10 mail login(pam_unix)[506]: session closed for user root

[treyh]

How do I tell who has SSHed into a default install of sme server 6?

[raem]

treyh

> How do I tell who has SSHed into a default install of sme server 6?

Also in the messages log file, although if they login as root then you can't really tell who they are, can you.
One of the reasons not to give end users (even 2nd level admins) root access.

You can allow users to have ssh access by command line control, or there is a remote access contrib from dungog.
There is also the user-manager panel for "server manager style" admin access for selected users.
You can control what panels they have access to.

Sounds to me like you should be changing the root password immediately, and configuring per user access.

[treyh]

RayMitchell

I've used the contrib from dungog that you mentioned, that is my normal practice.

Unfortenly this server belongs to a customer of mine and controls the password and etc.

I am 100% sure at this point she has someone else working on that and other servers, which I wouldn't mind at all. I just don't like being lied to.