Is there a way in linux to find out which user or which process killed another process? Maybe a log?
I searched through /var/log
and specifically on auth.log.*
but I didn't find anything interesting..
I suppose that the process was killed using htop
but as far as I know it doesn't keep activities logs.
Thanks
Best Answer
Without some form of auditing enabled, it's not possible to find out as far as I know.
There are some useful docs on Audit Control here (other distros will also find this useful): http://doc.opensuse.org/products/draft/SLES/SLES-security_sd_draft/cha.audit.comp.html
Specifically (untested):
Should have the desired effect providing the audit system is set up correctly.
Christian.