Vulnerability Development mailing list archives

Re: History Files


From: oogali () INTRANOVA NET (Omachonu Ogali)
Date: Sat, 15 Apr 2000 21:01:44 -0400


But they still can circumvent your solution by modifying the HISTFILE
variable. From what I've read so far, process accounting is the way to go.
I haven't personally dealt with it face to face, so I guess now is a good
time for me and anyone else who hasn't dealt with it to check it out.

On Sat, 15 Apr 2000, Corwin J. Grey wrote:

Actually there is a pretty good way that is so simple it's nearly foolproof
(there are one or two ways around it, but any program that spawns a shell
will (if you limit all the shells to bash) launch bash which will write a
session log on exit).

Force each user to use bash first of all, and don't allow them to change
shells.

 In your /root/history/$user_history create a file for the user (e.g.
/root/history/bob)

 mkdir /root/history
 chmod 0777 /root/history

 touch /root/history/bob
 ln -s /root/history/bob /home/bob/.bash_history
 chmod 0600 /root/history/bob
 chown bob.bob /root/history/bob
 chattr +au /root/history/bob

And happy logging :)

----- Original Message -----
From: audit <audit () RADIUSNET NET>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: April 15, 2000 15:44
Subject: History Files


Greetings,

I admin a few Linux servers and have a question about users' .bash_history
files. The users on the systems keep their history files but I would like
to have what they type logged to /root/history/$user_history.
I know that this is not polite on my end or the other co-admin's but we
need to know what our users are doing at all times. These are Slackware
boxes and some RedHat boxes.

Thanks


--
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali () intranova net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+
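
An added example, not part of the original thread: a small shell audit that checks whether the layout from the quoted message is still intact for each user (symlink present, pointing at the central file, append-only attribute set where lsattr can report it). It assumes home directories live under /home/<user>; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: audits the symlink layout from the thread. Paths are
# parameters; the defaults on the last lines are the ones used in the post.

# Print one status word for USER: ok | missing | not-symlink | wrong-target
check_history_link() {
    hist="$2/$1/.bash_history"   # $2 = base of home directories
    want="$3/$1"                 # $3 = central log directory
    if [ -L "$hist" ]; then
        if [ "$(readlink "$hist")" = "$want" ]; then echo ok
        else echo wrong-target; fi          # link repointed elsewhere
    elif [ -e "$hist" ]; then
        echo not-symlink                    # link replaced by a regular file
    else
        echo missing
    fi
}

# Return 0 if FILE has the append-only attribute, 1 if not, 2 if unknown
# (lsattr missing, file absent, or filesystem without attribute support).
check_append_only() {
    out=$(lsattr -d "$1" 2>/dev/null) || return 2
    case "${out%% *}" in
        *a*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print "user status" for every central log whose layout is no longer intact.
audit_all() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        user=${f##*/}
        status=$(check_history_link "$user" "$1" "$2")
        if [ "$status" = ok ]; then
            rc=0; check_append_only "$f" || rc=$?
            [ "$rc" -ne 1 ] || status=no-append-attr
        fi
        [ "$status" = ok ] || echo "$user $status"
    done
}

# Run the audit only when asked, e.g.: sh audit_history.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_all /home /root/history
fi
```

A clean report only means the symlink layout is intact; it says nothing about a session that changed HISTFILE, which is the gap the reply points to process accounting for.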


