I have a issue
We have a server that the network configuration changed very recently, this unusual and this has now turned in to a security incident. Because I just finished verifying all logs
Su log, syslog, messages, sudosh.logs sudo,logs and I can�t find any trace of The ifconfig command which I should of seen,
I was wondering ifconfig does any writing to a file somewhere deep in the system
Depending on the default shell on Solaris, you could grep every users (including root) history file for ifconfig commands.
Bash history file is ~/.bash_history and I think ksh is ~/.history
that MAY help
I would like to thank all who put in their 2 cents worth
But I'm closing this thread unsolved for the moment. The organization
In this company is requesting a forensic team to investigate this situation
When the address is verified has to what domain answers to that ip