Re: History and Last cleared ??
From: nobodaddy (nobodaddyNO@SPAMinbox.lv)
Date: 04/05/03
- Next message: Chris Rasmussen: "Re: Linux tuning/optimisation"
- Previous message: erik: "Re: FreeS/WAN from behind NAT"
- In reply to: Jake: "History and Last cleared ??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: nobodaddy <nobodaddyNO@SPAMinbox.lv> Date: Fri, 04 Apr 2003 22:25:24 GMT
Jake wrote:
> When I do a "history" and "last" on one of my servers I noticed it was
> emptied. Is it supposed to keep these entries into eternity or do they
> get
> wiped out periodically? Is it easily corruptable?
>
> I'm trying to figure out if this is a sign of someone hacking into my box.
The "last" log can get cronified, as others have noted, but the absence of
any history, esp in root acct, is highly suspect. This is never subject to
cron, AFAIK. Unless you deleted the $HISTFILE and changed the values of
the myriad environment variables ($HISTSIZE, HISTFILESIZE, etc), there's no
reason for history to vanish.
IMVHO, if you can't think of a logical reason that command history should
disappear, it's probably a good idea to disconnect and investigate further
(find trojans/rootkit).
-- The other day a dog peed on me. A bad sign. - H.L. Mencken
- Next message: Chris Rasmussen: "Re: Linux tuning/optimisation"
- Previous message: erik: "Re: FreeS/WAN from behind NAT"
- In reply to: Jake: "History and Last cleared ??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
