On Thursday 03 January 2008 19:09:11 Christopher Thorjussen wrote: > On one of my systems I seem to loose a file or two from time to time. > Last night, one of my files (/home/online/sh/NattjobbPrivat.sh) was > deleted/removed/vanished. Another time it was /home/online/sh/daemon > that was deleted. > > But I can't seem to find anything strange in the logs or in the history, > nor would any of my scripts running in crontab mess with those files. > > Where can I look for clues? And how do I enable audit for file > operations in my home folder? Hi, this really sounds weird. In order to audit it, the following checklist might help: 1. If the system was administered by an admin other than you and he got fired/dismissed with hard feeling on him, he might put a crontab that would do nasty thing randomly. Audit all the files in: /var/spool/cron /var/spool/at Also all the script in /etc/cron.{d,daily,weekly,monthly}, /etc/crontab 2, Audit all RPM files installed using: rpm -Va, looks for a difference in md5sum for binary files such as /bin/ls,/bin/ps, etc. You might want to use cracker detection script such as rkhunter. 3. Looks for the word "error" in log files: grep -r error /var/log See for related error such as filesystem corruption, etc 4. It's a long shot, but could be a misconfigured rsync script? HTH, pls let us know the result. -- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 21:09:01 up 1:02, 2.6.22-14-generic GNU/Linux Let's use OpenOffice. http://www.openoffice.org The real challenge of teaching is getting your students motivated to learn.
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos