Determine when, by who, a centos 6 package was installed.
Thomas Cameron
thomas.cameron at camerontech.com
Wed Dec 31 13:45:25 MST 2014
On 12/31/2014 09:35 AM, Matt Graham wrote:
> On 2014-12-31 06:13, Keith Smith wrote:
>> I am trying to determine who installed GIT and when GIT was
>> installed and what repository it came from. The date stamp on
>> /usr/share/git-core says Oct 31 16:55. The server did not exist
>> until early November.
>
> /root/install.log should contain the packages installed from the
> normal installer or the kickstart installer. Things installed
> after that would be recorded in /var/log/yum.log . However,
> this'll only tell you when the RPM was installed, not which
> non-root user was responsible or which repository it came from.
> You could try "rpm -q -f /usr/share/git-core/templates/description
> --qf %{NAME}%{INSTALLTIME}%{VENDOR}" and convert the timestamp
> from seconds-since-epoch to a regular time as well.
>
> If the log files and RPM database don't contain anything about a
> git RPM, then whoever installed it might've done "./configure
> --prefix=/usr && make && su -c 'make install' ". At that point,
> you go trawling through users' .bash_history files....
>
Might be in /var/log/yum.log, and if you archive your
/var/log/messages and /var/log/secure files, it might be in there, as
well (assuming someone used su to install).
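Added example, not part of the original thread: a shell sketch of the correlation suggested above, matching a package's "Installed:" entry in yum.log against su-to-root sessions recorded in /var/log/secure shortly before it. The log lines are constructed samples, and the function names `rpm_when` and `who_installed` are hypothetical; `rpm_when` uses rpm's `:date` format modifier so the install time needs no manual epoch conversion.

```shell
#!/bin/sh
# Constructed sample logs (hosts, users, versions are made up, not from the thread).
YUM_LOG='Nov 03 09:02:11 Installed: perl-Git-1.7.1-3.el6_4.1.noarch
Nov 03 09:02:14 Installed: git-1.7.1-3.el6_4.1.x86_64
Nov 07 14:30:02 Updated: openssl-1.0.1e-30.el6_6.4.x86_64'
SECURE_LOG='Nov  3 08:40:00 web01 sshd[2101]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Nov  3 08:58:47 web01 su: pam_unix(su:session): session opened for user root by alice(uid=500)
Nov  3 09:05:30 web01 su: pam_unix(su:session): session closed for user root
Nov  7 14:29:10 web01 su: pam_unix(su:session): session opened for user root by bob(uid=501)'

# rpm_when FILE: owning package, human-readable install time, vendor (needs rpm).
rpm_when() {
  rpm -qf "$1" --qf '%{NAME} | %{INSTALLTIME:date} | %{VENDOR}\n'
}

# who_installed PKG [WINDOW_SECONDS]: for each yum.log "Installed:" entry for PKG,
# list the su-to-root sessions opened in the WINDOW_SECONDS before it.
who_installed() {
  pkg=$1; window=${2:-1800}
  { printf '%s\n' "$SECURE_LOG" | sed 's/^/S /'
    printf '%s\n' "$YUM_LOG" | sed 's/^/Y /'; } |
  awk -v pkg="$pkg" -v win="$window" '
    # Neither log records a year; months count as 31 days, which only matters
    # for windows that cross a month boundary.
    function ts(mon, day, hms,   t) {
      split(hms, t, ":")
      mon = (index("JanFebMarAprMayJunJulAugSepOctNovDec", mon) + 2) / 3
      return (mon * 31 + day) * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
    }
    $1 == "S" && / su(-l)?: .*session opened for user root by / {
      n++; when[n] = ts($2, $3, $4); stamp[n] = $2 " " $3 " " $4
      who[n] = $NF; sub(/\(.*/, "", who[n]); next
    }
    # Match "PKG-<digit>" so that "git" does not also match "git-daemon".
    $1 == "Y" && $5 == "Installed:" && index($6, pkg "-") == 1 &&
        substr($6, length(pkg) + 2, 1) ~ /[0-9]/ {
      t = ts($2, $3, $4); hit = 0
      for (i = 1; i <= n; i++)
        if (when[i] <= t && t - when[i] <= win) {
          print $6, "installed", $2, $3, $4, "su-by=" who[i], "at", stamp[i]; hit = 1
        }
      if (!hit) print $6, "installed", $2, $3, $4, "su-by=unknown"
    }'
}

who_installed git 1800
```

On a real host, fill the two variables from /var/log/yum.log and /var/log/secure, including any rotated copies. A match only shows that a su session was open near the install time, so treat it as a lead to confirm against shell history.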