LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-27-2003, 06:04 AM   #1
togeno
LQ Newbie
 
Registered: Jun 2003
Posts: 1

Rep: Reputation: 0
Red face .bash_history gone


Hello, everyone. When I booted into my linux desktop at home today,and logged on a root, I realized that almost all the history on my bash shell were not available. I checked .bash_history in the root directory and it only contains only the most recent commands I used from last night. All the other commands are gone. I am pretty sure I haven't deleted any of them and got suspicious b/c my computer was connected online allday yesterday downloading stuff. Now, my question is should I take this as an indication that my linux desktop box was rooted by some hacker? Or, am I being extremly paranoid? For the moment, I am not taking anything for granted and am back at my windows box.
 
Old 06-27-2003, 12:46 PM   #2
dogn00dles
Member
 
Registered: Feb 2003
Distribution: Slack 9.0/NetBSD
Posts: 101

Rep: Reputation: 15
Could you disconnect the Linux box and take a look at the logs?
 
Old 06-27-2003, 05:15 PM   #3
beltorak
LQ Newbie
 
Registered: Dec 2002
Distribution: slackware 8.1
Posts: 15

Rep: Reputation: 0
try this topic for forensics and tools; I haven't had a chance to look thru them thoroughly yet.

-t.
 
Old 06-30-2003, 07:10 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Do "env | grep HIST": first thing I would look was at the HISTFILESIZE, HISTSIZE and HISTIGNORE environment variables, for the Bash shell they're set from /etc/profile. If you want to have root log everything make sure you unset those variables for root, make sure the permissions on the history file are restricted to user root only, chattr +a for append only and rotate the log at some convenient size/time to maintain record.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
.bash_history question stakhous Linux - Newbie 1 05-24-2005 06:24 PM
.bash_history t3gah Linux - Software 2 05-05-2005 03:45 AM
bash_history linj Linux - Software 6 08-08-2003 10:13 AM
.bash_history question iceman47 Linux - Security 4 06-06-2003 04:29 PM
How does .bash_history works? zeky Linux - General 2 10-15-2002 02:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration