I have looked for solutions to this. I am able to change it, but I need to find out when it was last done and preferably also seeing who was logged in when it was done.
Need proof for a security breach.
Thanks in advance.
Asked
Active
Viewed 1,259 times
1 Answers
0
As far as I know, there is no stock way to do this.
In order to determine when the root password changes, you'll need to have binary logging enabled for the mysql database and be watching that log for password changes for the root user. If you don't already have binary logging enabled, I'm not sure there's any way to determine the password age.
As far as seeing who was logged in, what is your definition of "logged in"? Do you mean connected via SSH? If that's the case, then you'll need to be archiving /var/log/secure or /var/log/auth.log so that you can correlate user connect/disconnect logs with the mysql binlog mentioned earlier.
EEAA
- 109,363
- 18
- 175
- 245
-
Alright - not as straight forward as I thought. Will look into it a bit more. – Jeff Kranenburg Jan 20 '15 at 02:46