Linux – finding exact date/time when a user changed his password last time

linux

does linux store such info about date/hour/minute/second when give user password was changed last time? If so, with which command can view it?

"chage -l user" shows only the day when the password was changed.

kind regards,

Best Answer

Should be an entry in a log saying when passwd was run & by whom, similar to:

Mar 31 12:41:41 UBUNTU sudo: daniel : TTY=pts/1 ; PWD=/dev ; USER=root ; COMMAND=/usr/bin/passwd root
Mar 31 12:41:52 UBUNTU passwd[25160]: (pam_unix) password changed for root
Mar 31 12:41:52 UBUNTU passwd[25160]: (pam_unix) Password for root was changed

The log file varies depending on the distro, should be somewhere in /var/log though, so something like this should search them all (except maybe old gz'd files, try zgrep?):

grep -R -i passwd /var/log/*

Probably in /var/log/auth.log on Debian, or /var/log/secure on Redhat

But if this user can run any commands, they could edit logs too... so watch for unlimited sudo access.

More info:

Are root password changes logged?
How to log commands within a “sudo su -”? - Add log_input/output to sudoers, auditctl, snoopylogger, ...
Details about sudo commands executed by all user
Where are sudo incidents logged? - Best: "It's logged remotely: xkcd.com/838"

Related Solutions

Linux – How to permanently fix the date synchronize problem in linux

The advice about running ntpdate is good, but it'll only step your time. A better option is to install ntpd and use it to keep the local clock synchronised, avoiding skewed logs.

With Ubuntu you should just be able to do apt-get install ntp. That should install ntpdate and ntpd, configure them to use ntp.ubuntu.com as the only server and synchronise time. For completeness you'll want to add other NTP servers (eg 0.pool.ntp.org, 1.pool.ntp.org and 2.pool.ntp.org).

Linux – How to make an application detect if system time has changed in Linux

I think this article has an answer to your question: Notify userspace about time changes. But please note that the patch mentioned in the article is quite recent, so you have to check your linux kenel vesrion first.

If your kernel does not support userspace notification mechanism, then you can implement the following algorithm (in pseudocode):

time = gettimeofday()

loop:
    sleep 1 second
    new_time = gettimeofday()
    if (time_diff(new_time, time) > 2 seconds) then
       alert System time has changed by an external user/process!

    time = new_time
    goto loop

Hope this helps.

Best Answer

Related Solutions

Linux – How to permanently fix the date synchronize problem in linux

Linux – How to make an application detect if system time has changed in Linux

Related Question