Sometimes when I su to root I mistakenly type the root password right behind the su command, before hitting enter. That leads to the root password being written to the bash history in clear text and into /var/log/auth.log... (No passwd entry for user '<PASSWORD>')

Assuming normal, but not excessive paranoia - is there any way to recover from this situation safely, other than changing the root password?

E.g if I shred the bash history file and then run
and delete the critical lines from /var/log/auth.log - Does that sound reasonably safe? Or am I missing something important?

run and watch the output for hits.
get the line numbers for them.
when you're done.

As for the log file, you may have to edit that by hand, but after logrotate does it's thing, it may be a non-issue.

1 members found this post helpful.

If you are that careless, don't use root.
Change the root password - that way logs are rendered irrelevant.
Use sudo.

1 members found this post helpful.

I already changed the root password before even posting. The question was more out of curiosity.

And no, I don't want to use sudo except for special cases, plus it would not solve this particular problem, because the same mistake could happen when using sudo. And since you tend to have to type your password more often when using sudo, the likelihood of that happening would be even higher.

Granted, it wouldn't be the root password, but one with just as much power.

Thanks for this, did not know these history options before.

You are very welcome.