I maintain a Debian multipurpose server and I'm the sole admin. I execute the lastcommand every time I ssh into the server to check if I recognize every user who have used its service and if they're allowed. I of course made my own custom security modifications to it in order to make it secure over the Internet.

Last night I executed the command and found out that the log had completely been erased and there were no entries of any users on the server. when I run last, there's usually an output of over 15 lines of who used the system but this time there's only one which was myself. I've only started using last for about a few months. I read the man page for it but it didn't say anything about it reseting itself after some x amount of time. Is it possible that my server has been hacked?? The only way to legally access this server is through my own private vpn.

I maintain a Debian multipurpose server and I'm the sole admin. I execute the lastcommand every time I ssh into the server to check if I recognize every user who have used its service and if they're allowed. I of course made my own custom security modifications to it in order to make it secure over the Internet.

Last night I executed the command and found out that the log had completely been erased and there were no entries of any users on the server. When I run last, there's usually an output of over 15 lines of who used the system but this time there's only one which was myself. I've only started using last for about a few months. I read the man page for it but it didn't say anything about it reseting itself after some x amount of time. Is it possible that my server has been hacked?? The only way to legally access this server is through my own private openvpn server.