Re: bash_history set to zero length




Kevin, let us know what you found. We were all willing to try to help
you. You should be willing to try to help us understand what happened.
How else will we be able to help the next guy, or ourselves (let alone
you), should this happen to us.

We all will try to help some more, with more details. Was this user you?
Was it a system user? Was it someone else? What was your 'big nessus
scan'. Do we all need to be aware of something new?



I log in to the server over ssh to carry out various tasks for which I
sometimes have to su to root.

Only one other user has access via ssh - this is a delveloper who updates a
website using winscp.

The only thing that has shown up is the bash_history file was zero length
one day when I su'd to root.

There is no other sign of intrusion that I can see via aide or chkrootkit.
Server is debian sarge and everything is up-to-date.

I looked about and I had a few other sessions running on another workspace
on my laptop and they had become disconnected when the network cable had
become unplugged.

Maybe one of these disconnects cause the bash_history to become lost?

Cheers,

Kevin


Please and thank you.

Thanks.
.