Security Basics mailing list archives

Re: bash_history to track users


From: Steve Chadsey <schadsey () lightbridge com>
Date: Thu, 6 Nov 2003 12:15:50 -0700

On Thu, Nov 06, 2003 at 12:44:08AM -0500, Joe Szilagyi wrote:
> Hi everyone,
>
> Is there any way to totally keep track of users, to the degree of adding
> timestamps and hostnames to each entry in the server's .bash_history files?
>
> The especially wonderful thing would be able to have .bash_history record
> the IP/hostname the person responsible is logging in from, i.e., if I'm in
> as root from host 'barney.gumble.com', and I run command 'y', I want history
> to show like, this, and same from other people logging in...

As others have pointed out, doing this via .bash_history can be
circumvented.  That is, unless you've got a customized/patched version
of bash, but then you've got to *really* trust the party that patched it.

It sounds, though, that what you are after is called "process accounting".
This has been available for Linux, Solaris, and other OSes for some time.
I haven't personally needed it, so I can't really help with any details
beyond this.  But spending a few minutes googling for information on process
accounting for your specific OS should get you started.

-- 
Steve Chadsey <schadsey () lightbridge com>
