[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0

Subject: Re: [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0
From: "Michelle A. Hoyle" <mahlist@xxxxxxxxxxxxx>
Date: Thu, 20 Dec 2001 10:03:08 +0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Date: Wed, 19 Dec 2001 11:18:02 -0800
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>

"Michelle A. Hoyle" wrote:

 >Searching for anomalies in shell history files... Warning:
 >`//root/.bash_history' file size is zero

 And, if I check the .bash_history file, it is indeed 0 and doesn't
 seem to be writing anything into it.  If I do a "history", it starts
 off with item 0, with something from this session (but the
 .bash_history file is still empty).  Did this file get rotated out of

 > existence because it finally got too big or where did it go?


 Do I need to worry about this?


Perhaps.  On my RaQ4, with the latest upgrades, the .bash_history file
is NOT zero, and does not get zeroed-out on ssh login either to admin
(with or without su to root) or ssh login directly to root.

I use ssh all the time. The last time I happened to look at thehistory file (which was quite some time ago), it had thousands ofentries in it. That's why I was wondering if it maybe hit some sizeand rotated. I did a cursory look through etc/cron-daily, but Ididn't see anything for that.

Prev by Date: Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
Next by Date: [cobalt-security] ProFTPD Bug - may lead to a security issue
Previous by thread: Re: [cobalt-security] (no subject)
Next by thread: [cobalt-security] ProFTPD Bug - may lead to a security issue

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index