"David Smulsky" <[EMAIL PROTECTED]> wrote: > I have a Raq550, and for no reason as far as I can tell, my mrtg daemons > stoped this last friday at night, and this morning when I realized it, I ran > chkroot, everything came up clean EXCEPT /root/.bash_history was zero > bytes.. > > Is there any possiable way raq's do this to themselfs, our should I be > seriouly looking for a hacker, I cant seem to find a trace.
Unless you've made changes to bash's behavior from that on a stock 550 ~root/.bash_history doesn't get cleared out. So if the file is chmod 600, owned by root:root like it should be that's likely the result of a rootkit or manual command by an intruder to cover his/her tracks. Unless of course you've never logged in via the shell as root and executed a command. If it was my box or a client's I'd definitely investigate. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
