Vulnerability Development mailing list archives
Re: History Files
From: krisw () SUPPORTTEAM NET (Senior Systems Administrator - Kris W.)
Date: Sun, 16 Apr 2000 17:07:51 -0500
I have my systems set up like this:

in /etc/profile,

    USER=`id -un`
    HISTFILE=/home/history/$USER.history
    echo ------------------- `date` >> $HISTFILE

/home/history/$user.history is a file, with rwx access for the user and group, and with append only attributes.

and in /etc/bashrc:

    chk=`id -un`
    if [ "$chk" != "root" ]
    then
        alias unset='dono'
    fi

where dono, is a simple shell script that just exits

and in the user's .bash_logout, a script that echoes the date again to the histfile, so i have a good idea of when each user executed what, combined with process accounting i can pretty much track anything.

kw

----- Original Message -----
From: "Michael Jennings" <mej () VALINUX COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Sunday, April 16, 2000 1:35 AM
Subject: Re: History Files
On Saturday, 15 April 2000, at 17:31:44 (-0700), Corwin J. Grey wrote:

> Actually there is a pretty good way that is so simple it's nearly foolproof
> (there are one or two ways around it, but any program that spawns a shell
> will (if you limit all the shells to bash) launch bash which will write a
> session log on exit.
>
> Force each user to use bash first of all, and don't allow them to change shells.
> In your /root/history/$user_history create a file for the user (e.g. /root/history/bob)
>
>     mkdir /root/history
>     chmod 0777 /root/history
>     touch /root/history/bob
>     ln -s /root/history/bob /home/bob/.bash_history
>     chmod 0600 /root/history/bob
>     chown bob.bob /root/history/bob
>     chattr +au /root/history/bob
>
> And happy logging :)

I don't suppose anyone realized that the user, having write permissions to his/her own home directory, could simply remove the soft link? Or move it out of the way?

Michael

--
"To live on as we have is to leave behind joy, and love, and companionship, because we know it to be transitory, of the moment. We know it will turn to ash."
    -- Lorien, Babylon Five
=======================================================================
Michael Jennings <mej () eterm org>   www.tcserv.com   PGP Key ID: BED09971
Software Engineer, VA Linux Systems   Author, Eterm (www.eterm.org)
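
The thread pairs a `.bash_history` symlink into a central directory with an append-only attribute on the target, and points out that the link itself sits in a directory the user can write to. The following audit script is an added example, not code from any poster: it checks both conditions for one account, with hypothetical function names and return codes, and takes the home directory and log path as arguments.

```shell
#!/bin/sh
# Added example: audit the symlink + append-only layout discussed in this thread.
# Function names and return codes are hypothetical; paths are caller-supplied.

# check_history_link HOME_DIR LOG_FILE
# 0 = .bash_history is a symlink to LOG_FILE, 1 = missing,
# 2 = replaced by a non-symlink, 3 = symlink points elsewhere.
check_history_link() {
    chl_link="$1/.bash_history"
    if [ -L "$chl_link" ]; then
        [ "$(readlink -f -- "$chl_link")" = "$(readlink -f -- "$2")" ] && return 0
        return 3
    fi
    [ -e "$chl_link" ] && return 2
    return 1
}

# has_append_only FILE
# 0 = append-only flag set, 1 = not set, 2 = cannot tell (no lsattr, unsupported fs).
has_append_only() {
    hao_attrs=$(lsattr -d -- "$1" 2>/dev/null | awk '{print $1}') || hao_attrs=""
    case "$hao_attrs" in
        "")  return 2 ;;
        *a*) return 0 ;;   # lowercase 'a' is the append-only flag
        *)   return 1 ;;
    esac
}

# audit_user HOME_DIR LOG_FILE: print one finding, return 0 only if both checks pass.
audit_user() {
    au_rc=0; check_history_link "$1" "$2" || au_rc=$?
    case "$au_rc" in
        1) echo "ALERT $1: .bash_history link removed"; return 1 ;;
        2) echo "ALERT $1: .bash_history replaced by a non-symlink"; return 1 ;;
        3) echo "ALERT $1: .bash_history does not point to $2"; return 1 ;;
    esac
    au_rc=0; has_append_only "$2" || au_rc=$?
    case "$au_rc" in
        1) echo "ALERT $2: append-only attribute missing"; return 1 ;;
        2) echo "WARN $2: attributes unreadable (no lsattr or unsupported fs)"; return 2 ;;
    esac
    echo "OK $1: link intact, $2 is append-only"
}

# Usage: sh audit.sh /home/bob /root/history/bob
if [ "$#" -eq 2 ]; then audit_user "$1" "$2"; fi
```

Run from cron as root over every account, this turns a removed or redirected link into a logged finding instead of a silent gap in the history.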