i need help

[raamcm]

Dear folks,

i need some information about my linux server users login details.how
can i get the users login time and ip or hostname.why because today
somebody delete our webserver dircectory.when i was configure the
webserver at that time i gave full write and read(chmod 777)
permission.but now i realize how big stupid thing i have make it.in my
network 125 peoples have to access in that linux server with there own
username via putty.seriously i am now pathetic situation.let me guys
how can i revertback the files and users logon details(users commands)
also.

Thanks,
Raamcm
India

 

[David Squire]

Dear folks,

i need some information about my linux server users login details.how
can i get the users login time and ip or hostname.why because today
somebody delete our webserver dircectory.when i was configure the
webserver at that time i gave full write and read(chmod 777)
permission.but now i realize how big stupid thing i have make it.in my
network 125 peoples have to access in that linux server with there own
username via putty.seriously i am now pathetic situation.let me guys
how can i revertback the files and users logon details(users commands)
also.

First step: ask your question in a group that deals with linux
adminstration.

DS

 

[l v]

Dear folks,

i need some information about my linux server users login details.how
can i get the users login time and ip or hostname.why because today
somebody delete our webserver dircectory.when i was configure the
webserver at that time i gave full write and read(chmod 777)
permission.but now i realize how big stupid thing i have make it.in my
network 125 peoples have to access in that linux server with there own
username via putty.seriously i am now pathetic situation.let me guys
how can i revertback the files and users logon details(users commands)
also.

Thanks,
Raamcm
India

You are probably in the wrong group as you don't need Perl to find out
when and who logged into a linux server. Use the shell command last and
use grep to filter the output.

As far as who did what to the server, you'll need to be root and parse
through everyone's .sh_history file or sh_history directory depending on
if your shop uses su or sudo.

Restoring your files from tape backup is the best you can do unless the
files have been copied somewhere else before they were deleted.

 

[Jürgen Exner]

i need some information about my linux server users login details.how
can i get the users login time and ip or hostname.

Irrelevant because see below

why because today
somebody delete our webserver dircectory.when i was configure the
webserver at that time i gave full write and read(chmod 777)
permission.but now i realize how big stupid thing i have make it.

I think you still don't quite realize the magniture of this stupidity yet.
Your system has been compromised. An attacker could have modified _any_ and
_all_ files, erased any traces in logs, and left as many backdoors or
trojans as he pleases.
The only cure is to completely wipe the HDs and reinstall from a
non-compromised source like e.g. the original OS installation source or a
backup that was taken _before_ your compromized the system.

BTW: What does any of this have to do with Perl?

jue

 

[Tad McClellan]

Subject: i need help

And we need subject in Subject.

i need some information about my linux server users login details.

What does that have to do with Perl?

how can i revertback the files and users logon details(users commands)

By restoring from a backup.

You do make backups, don't you?