5.5. Reviewing Command-Line Logs
DiskUtility.log lets you know if somebody burned a disk with Disk utility, but it won't show whether someone ran a reformat or repair operation from the command line. For command-line information, it is often best to look into the command-line history for each user. This information is stored in the history file. The history file is different for each shell in which a user is operating. For example, the history file for the default shell, bash, is .bash_history. It is located in the root of each user's home folder. The history files do not get rotated, but by default will only keep 150 commands. As new commands are entered, old commands will expire. You can view history by using the history command (no arguments ...
Get Enterprise Mac Security: Mac OS X Snow Leopard now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
