> Thanks for the info. There are only three of us who have the "root" > access and I guess the date/time is more important to us. We are also > concerned that there might be a script did the "rmdir" unintentionally. > The .bash_history had some old stuff with an older timestamp of the file. > Some of us use csh and there is no history file associated with it. > > How do I enable the auditing that you described below? > Here's a question: was it done by someone logged in as root, or via sudo? If the latter, then check /var/log/secure to find it. mark _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos