[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0

Subject: Re: [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Wed, 19 Dec 2001 11:18:02 -0800
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

"Michelle A. Hoyle" wrote:

> >Searching for anomalies in shell history files... Warning:
> >`//root/.bash_history' file size is zero
> 
> And, if I check the .bash_history file, it is indeed 0 and doesn't
> seem to be writing anything into it.  If I do a "history", it starts
> off with item 0, with something from this session (but the
> .bash_history file is still empty).  Did this file get rotated out of
> existence because it finally got too big or where did it go?
> 
> Do I need to worry about this?

Perhaps.  On my RaQ4, with the latest upgrades, the .bash_history file
is NOT zero, and does not get zeroed-out on ssh login either to admin
(with or without su to root) or ssh login directly to root.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

References:
- [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0
  - From: Michelle A. Hoyle

Prev by Date: Re: [cobalt-security] Qube 2 restore weirdness
Next by Date: Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
Previous by thread: [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0
Next by thread: Re: [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index