Actually, if he ran "rm -rf /", wouldn't /var/log be included, and hence have the evidence wiped? =) On Mon, 2004-04-19 at 12:48, Jeff Vian wrote: > Björn Persson wrote: > > one of these 3 happens to get mad/upset/frustrated/careless > This user (lets say john) logs in and runs some commands that are very > destructive to the system > (have you ever heard of "rm -rf /" being run????) > All three users actions are recorded as being done by root, thus no way > to track who did what or when. > The analysis of the problem shows that "root" did some > dumb/careless/harmfull things to the system. > > Who is responsible????? Answer: one of the above -- Adam Voigt adam@xxxxxxxxxxxxx
