You could set a higher securelevel and use system flags like: chflags sappnd .history Which will prevent it from being erased and only allow appending.
On Tue, 31 Mar 2020 at 10:59, el kalin <ka...@el.net> wrote: > hi all... > > noticed that over night the shell .history file for root was emptied. the > file is there but there is no history in it. this is unusual and it's the > second time it happens in 2 months. it's particularly peculiar since nobody > else has the root password for this machine. i can't see any ssh access in > auth.log and ssh access is limited to a handful of ips... how could i > figure out what is emptying the .history file? > > thanks... > > also, the .cshrc looks like this: > > set promptchars = "%#" > > set filec > set history = 1000 > set savehist = (1000 merge) > set autolist = ambiguous > # Use history to aid expansion > set autoexpand > set autorehash > set mail = (/var/mail/$USER) > if ( $?tcsh ) then > bindkey "^W" backward-delete-word > bindkey -k up history-search-backward > bindkey -k down history-search-forward > endif > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org > " > _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"