Determine when, by who, a centos 6 package was installed.

[Keith Smith]

On 2014-12-31 14:45, Thomas Cameron wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 12/31/2014 09:35 AM, Matt Graham wrote:
>> On 2014-12-31 06:13, Keith Smith wrote:
>>> I am trying to determine who installed GIT and when GIT was
>>> installed and what repository it came from. The date stamp on
>>> /usr/share/git-core says Oct 31 16:55.  The server did not exist
>>> until early November.
>> 
>> /root/install.log should contain the packages installed from the
>> normal installer or the kickstart installer.  Things installed
>> after that would be recorded in /var/log/yum.log .  However,
>> this'll only tell you when the RPM was installed, not which
>> non-root user was responsible or which repository it came from.
>> You could try "rpm -q -f /usr/share/git-core/templates/description
>> --qf %{NAME}%{INSTALLTIME}%{VENDOR}" and convert the timestamp
>> from seconds-since-epoch to a regular time as well.
>> 
>> If the log files and RPM database don't contain anything about a
>> git RPM, then whoever installed it might've done "./configure
>> --prefix=/usr && make && su -c 'make install' ".  At that point,
>> you go trawling through users' .bash_history files....
>> 
> 
> Might be in /var/log/yum.log, and if you archive your
> /var/log/messages and /var/log/secure files, it might be in there, as
> well (assuming someone used su to install).

I was able to determine the package was installed before i recieved the 
server.

Thank you for your help!!


> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iEYEARECAAYFAlSkYGQACgkQmzle50YHwaBN6wCgxYzC4vD0r7hU5WKkHFtrE5fN
> NDcAn33OEsxOeCH9hrYJkE8W6pV8wTBb
> =c95Z
> -----END PGP SIGNATURE-----
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-- 
Keith Smith