Question
Where is the password change log?
Answer
cPanel doesn't maintain a log specifically for password changes. However, if a password was changed via the cPanel or WHM interfaces, the password change activity will be logged in the access_log file. You can use the following command to find password changes made through the cPanel and WHM interfaces.
awk '/\/passwd |changepass.html/ &&/POST/ {if($9 == 200) print $1, $3, $4, $6, $7, $11} ' /usr/local/cpanel/logs/access_log|column -t
If a password change is made via an API call, the activity will be logged in the session_log file. You can use the following command to find password changes made via an API call.
grep password_change /usr/local/cpanel/logs/session_log
Comments
0 comments
Article is closed for comments.