Vulnerability Development mailing list archives
Re: History Files
From: oogali () INTRANOVA NET (Omachonu Ogali)
Date: Sat, 15 Apr 2000 21:01:44 -0400
But they still can circumvent your solution by modifying the the HISTFILE variable, from what I've read so far, process accounting is the way to go. I haven't personally dealt with it face to face, so I guess now is a good time for me and anyone else who hasn't dealt with it to check it out. On Sat, 15 Apr 2000, Corwin J. Grey wrote:
Actually there is a pretty good way that is so simple it's nearly foolproof (there are a one or two ways around it, but any program that spawns a shell will (if you limit all the shells to bash) launch bash which will write a session log on exit. Force each user to use bash first of all, and don't allow them to change shells. In your /root/history/$user_history create a file for the user (e.g. /root/history/bob) mkdir /root/history chmod 0777 /root/history touch /root/history/bob ln -s /root/history/bob /home/bob/.bash_history chmod 0600 /root/history/bob chown bob.bob /root/history/bob chattr +au /root/history/bob And happy logging :) ----- Original Message ----- From: audit <audit () RADIUSNET NET> To: <VULN-DEV () SECURITYFOCUS COM> Sent: April 15, 2000 15:44 Subject: History FilesGreeting's, I admin a few Linux servers and have a question about user's .bash_history files. The users on the systems keep their history files but I would like to have what they type logged to /root/history/$user_history I know that this is not polite on my end or the other co-admin's but we need to know what our users are doing at all times. These are slackware boxes and some RedHat boxes. Thanks
-- +-------------------------------------------------------------------------+ | Omachonu Ogali oogali () intranova net | | Intranova Networking Group http://tribune.intranova.net | | PGP Key ID: 0xBFE60839 | | PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 | +-------------------------------------------------------------------------+
Current thread:
- Re: History Files, (continued)
- Re: History Files Boris Sagadin (Apr 17)
- Fwd: RAZOR Analysis of dvwssr.dll Blue Boar (Apr 17)
- Re: History Files iconoclast (Apr 18)
- Re: History Files Bluefish (Apr 19)
- Re: History Files Dragos Ruiu (Apr 15)
- Re: History Files Crispin Cowan (Apr 15)
- Re: History Files Seth R Arnold (Apr 15)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Corwin J. Grey (Apr 15)
- Re: History Files Gert-Jan Hagenaars (Apr 16)
- Re: History Files Bluefish (Apr 17)
- Re: History Files Omachonu Ogali (Apr 15)
- Re: History Files Mark Rafn (Apr 16)
- Alternative to historyfile logging. Joel Eriksson (Apr 17)
- Re: History Files Joel Eriksson (Apr 17)
- Re: History Files spiff (Apr 18)