> Thanks for the info. There are only three of us who have the "root"
> access and I guess the date/time is more important to us. We are also
> concerned that there might be a script did the "rmdir" unintentionally.
> The .bash_history had some old stuff with an older timestamp of the file.
> Some of us use csh and there is no history file associated with it.
>
> How do I enable the auditing that you described below?
>
Here's a question: was it done by someone logged in as root, or via sudo?
If the latter, then check /var/log/secure to find it.
mark