PaulDotCom mailing list archives

Archiving History files

From: dninja at gmail.com (Robin Wood)
Date: Tue, 19 Jan 2010 12:53:03 +0000

2010/1/19 Monkey Daemon <monkeywebdaemon at googlemail.com>:

Hi,

I've just discovered a system on which one of our darling users has
decided adding a script to his .bash_logout file that removes
.bash_history on logout is a clever thing to do.

Is there a way to take a copy of the .bash_history file before it is
deleted? This user obviously has something to hide as far as I'm
concerned, so I need to archive this file to present it as evidence.


You could trojan the history command so that when a clear is attempted
it copies the current history first. I'd do this by moving the history
binary to one side and adding a shell script wrapper that checks the
UID and acts when needed.

Robin

Current thread:

Archiving History files Monkey Daemon (Jan 19)
- Archiving History files Robin Wood (Jan 19)
- Archiving History files Tim Krabec (Jan 19)
- Archiving History files Matt Erasmus (Jan 19)
- Archiving History files Carlos Perez (Jan 19)
  - Archiving History files Robin Wood (Jan 19)
- Archiving History files Nick Baronian (Jan 19)
  - Archiving History files Tim Krabec (Jan 19)
- Archiving History files Dave Ockwell-Jenner (Jan 19)
  - Archiving History files Michael McGrew (Jan 19)
- <Possible follow-ups>
- Archiving History files genesiswave at gmail.com (Jan 19)