Re: bash_history set to zero length

Kevin, let us know what you found. We were all willing to try to help
you. You should be willing to try to help us understand what happened.
How else will we be able to help the next guy, or ourselves (let alone
you), should this happen to us.

We all will try to help some more, with more details. Was this user you?
Was it a system user? Was it someone else? What was your 'big nessus
scan'. Do we all need to be aware of something new?

I log in to the server over ssh to carry out various tasks for which I
sometimes have to su to root.

Only one other user has access via ssh - this is a delveloper who updates a
website using winscp.

The only thing that has shown up is the bash_history file was zero length
one day when I su'd to root.

There is no other sign of intrusion that I can see via aide or chkrootkit.
Server is debian sarge and everything is up-to-date.

I looked about and I had a few other sessions running on another workspace
on my laptop and they had become disconnected when the network cable had
become unplugged.

Maybe one of these disconnects cause the bash_history to become lost?



Please and thank you.


Relevant Pages

  • csh core dumping 7.0-rc1
    ... After rebooting a FreeBSD 7.0-RC1 server I noticed I could not login ... as root either via ssh or su, I initially thought I forgot my password ... Luckily I had enabled root login on sshd and added my ssh ... Loaded symbols for /lib/ ...
  • [Solution]Re: problem with remote login
    ... ssh from another server with public key identification ... root ... [Feb 12 17:49:32 Executing start method ...
  • Re: SSH / permissions problem
    ... I've got F13 on my laptop, and also on a new virtual server. ... If I ssh to root on the new server everything is fine, but if I ssh to my user ... I have carefully separated my .bash_profile and .bashrc file into those ...
  • RE: Dead SSH Connections from script
    ... >> dead SSH connections around, ... root on one machine to access all other machines thru SSH as root. ... we have told all the client machines that our server is an ...
  • Re: PubkeyAuth disallowed for root only?
    ... On two of our RedHat EL4 Update 4 servers root cannot login via ssh using public keys. ... if you either run sshd in debug mode or increase LogLevel in sshd_config then the server will provide more information about why the authentication was denied. ...