14 May
2010
14 May
'10
4:55 p.m.
Thanks for the info. There are only three of us who have the "root" access and I guess the date/time is more important to us. We are also concerned that there might be a script did the "rmdir" unintentionally. The .bash_history had some old stuff with an older timestamp of the file. Some of us use csh and there is no history file associated with it.
How do I enable the auditing that you described below?
Here's a question: was it done by someone logged in as root, or via sudo? If the latter, then check /var/log/secure to find it.
mark