This has happened twice for me, first on an old mdk
dist, so i went paranoid and upgraded to debian, and a
few weeks ago my /root/.bash_history was empty again!
Can it be something other than a break in? The
partition /root lies on has plenty of space so it's
not because of that.
Any ideas/suggestions?
/Anders
There may be some other causes. For example if you do a:unset HISTFILE
unset HISTSAVE
right after you log on, no commands will be written in the .bash_history.
Are you the only root ? Because if you work with someone maybe that person wrote erased the .bash_history and then wrote in .bashrc (for example) those commands.
From a security point of view there are few things to say about empty .bash_history:
1. It may be a good thing to keep your .bash_history clean because if some attacker gets to your box, you dont want him (her ?) to know what commands you wrote...
2. If you use .bash_history and all of a sudden your .bash_history gets wiped out or cleaned (0 size) we may be talking about a breach. But it's not such a relevant test, that's why you need more tools, to get the proof...
Regards,