# How can I understand why machine reboot and who reboot it?



## ShyRain (Feb 25, 2013)

Hi,
I have got a remote machine and 3 people know the root password.
Today I saw the uptime is only 1 day so I looked with last command.


```
#last
root ..........
root ..............
reboot -  - 
root ...........
```

Such as this and no write to "reboot crashed" etc.

How can I understand why my machine reboots and who reboots and which IP reboots my machine?


----------



## SirDice (Feb 25, 2013)

Should they use su(1) or are they allowed to login with root directly?


----------



## fluca1978 (Feb 25, 2013)

Unless they did a su(1), and therefore have an entry in the auth log, you will not know. I suggest using _sudo_ for such a root-shared environment.


----------



## ShyRain (Feb 26, 2013)

Yes , they can also know password so they are allowed with root directly...


----------



## SirDice (Feb 26, 2013)

Don't. Because now you have no way of finding out who rebooted your machine. Disallow root logins, force _everybody_ to login with their own account and make them use su(1) or sudo(8).


----------



## zspider (Feb 26, 2013)

If you were really desperate you could enable auditing, it's in the handbook, it can tell you a lot of things.


----------



## SirDice (Feb 27, 2013)

It still would only tell you root rebooted it. Not who was logged in as root at that time.


----------



## sossego (Feb 27, 2013)

I'm curious. Is the machine in question running FreeBSD or some other system?
If it is running FreeBSD, then do you have more than than one user in wheel?
Did you create any non-privileged users or were any created?


----------



## ShyRain (Feb 27, 2013)

SirDice said:
			
		

> Don't. Because now you have no way of finding out who rebooted your machine. Disallow root logins, force _everybody_ to login with their own account and make them use su(1) or sudo(8).





			
				zspider said:
			
		

> If you were really desperate you could enable auditing, it's in the handbook, it can tell you a lot of things.



thanks a lot this can be helpfull for next time activity


----------

