Security Basics mailing list archives
Re: bash_history to track users
From: "Jack Whitsitt (jofny)" <seclists () violating us>
Date: Wed, 12 Nov 2003 11:39:56 -0500 (EST)
The ONLY thing this would useful for is being able to backtrack a clue-less user. A malicious user with clue will do what he wants and then go hand edit the bash history. After all, it's in his home directory and he owns it.
That's not entirely accurate. It's fairly easy to modify bash to log this file elsewhere...and it should not be much harder to have it log to two locations with different permissions... This makes the discussion a little bit more interesting.. Without hacking the code, though, I suppose you can write a script to parse the output of "w" and have it add items as they change. -Jack
What kind of an environment are you trying to secure - is this a business where you can use something like a key stroke logger? or is it open to the internet? Thanks, Jimi At 12:44 AM -0500 11/6/03, Joe Szilagyi wrote:Hi everyone, Is there any way to totally keep track of users, to the degree of adding timestamps and hostnames to each entry in the server's .bash_history files? The especially wonderful thing would be able to have .bash_history record the IP/hostname the person responsible is logging in from, i.e., if I'm in as root from host 'barney.gumble.com', and I run command 'y', I want history to show like, this, and same from other people logging in... 114 barney.gumble.com passwd marge 115 barney.gumble.com adduser moe 116 65.23.18.95 cd /etc/conf/httpd 117 65.23.18.95 vi httpd.conf 118 barney.gumble.com pico .bachrc ...and so on. Is this possible? _____________________ Regards, Joe
--------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- bash_history to track users Joe Szilagyi (Nov 05)
- Re: bash_history to track users Lothar Kimmeringer (Nov 06)
- Re: bash_history to track users Helder Miguel Rodrigues (Nov 06)
- Re: bash_history to track users Todd Neal (Nov 06)
- Re: bash_history to track users Steve Chadsey (Nov 06)
- Re: bash_history to track users Meritt James (Nov 07)
- Re: bash_history to track users Jimi Thompson (Nov 11)
- Re: bash_history to track users Jack Whitsitt (jofny) (Nov 13)
- Re: bash_history to track users Joe Szilagyi (Nov 14)
- Re: bash_history to track users Sebastian Hans (Nov 17)
- RE: bash_history to track users arek (Nov 14)
- Re: bash_history to track users Sebastian Hans (Nov 14)
- Re: bash_history to track users jrd (Nov 16)
- Re: bash_history to track users Sebastian Hans (Nov 17)
- Re: bash_history to track users Ansgar -59cobalt- Wiechers (Nov 17)
- Re: bash_history to track users Jack Whitsitt (jofny) (Nov 13)
- RE: bash_history to track users Thiago Lima (Nov 16)
- Re: bash_history to track users Sebastian Hans (Nov 17)