Security Basics mailing list archives

Re: bash_history to track users


From: Sebastian Hans <hanss () in tum de>
Date: Sat, 15 Nov 2003 15:31:35 +0100

Thiago Lima wrote:

>> But not too different. The user must still have write access.
>> Otherwise, how would the shell write to it? If the shell can
>> write to it, so can the user. Anyway, what if the user has
>> more than one instance running? .bash_history only has the
>> history of one instance. Or tcsh? Or any other shell for that matter?
>
> You could use a special partition where you only store those 'bash logs'
> and set it to just allow appends. Files can't be deleted or edited.

Fill up the partition:

$ dd if=/dev/zero bs=1M count=1048576 >>/path/to/bash_history

(Increase count if the partition is greater than 1024G).

Seb
-- 
/~\ The ASCII                          Sebastian Hans
\ / Ribbon Campaign                    hanss () in tum de
 X  Against HTML                         0x5AED1E6D
/ \ Email!           014C 4A54 FED4 C0B5 3E87  427B 6910 AB0A 5AED 1E6D
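
Added example (not part of the original message or thread): a defender-side check for the two weaknesses raised above, a history log that the logged user can rewrite or truncate, and an append-only partition that can be filled. The function names are hypothetical, and the checkpoint is assumed to be stored somewhere the logged user cannot write.

```python
import hashlib
import os
from dataclasses import dataclass


@dataclass
class Checkpoint:
    size: int    # number of bytes covered by the digest
    digest: str  # SHA-256 of the first `size` bytes of the log


def prefix_digest(path, size):
    """Return the SHA-256 hex digest of the first `size` bytes of `path`."""
    h = hashlib.sha256()
    remaining = size
    with open(path, "rb") as f:
        while remaining > 0:
            chunk = f.read(min(65536, remaining))
            if not chunk:
                break
            h.update(chunk)
            remaining -= len(chunk)
    return h.hexdigest()


def take_checkpoint(path):
    """Record the current length of the log and a digest of its content."""
    size = os.stat(path).st_size
    return Checkpoint(size, prefix_digest(path, size))


def audit(path, last, min_free_ratio=0.10):
    """Return findings since checkpoint `last`; an empty list means clean."""
    findings = []
    size = os.stat(path).st_size
    if size < last.size:
        # An append-only log can never get shorter.
        findings.append("truncated")
    elif prefix_digest(path, last.size) != last.digest:
        # Same or greater length, but already-logged bytes have changed.
        findings.append("rewritten")
    vfs = os.statvfs(os.path.dirname(os.path.abspath(path)))
    # f_bavail counts blocks available to unprivileged users, which are
    # the blocks a fill-up of the log partition consumes.
    if vfs.f_blocks and vfs.f_bavail / vfs.f_blocks < min_free_ratio:
        findings.append("low-space")
    return findings
```

Run audit() periodically from a privileged account and replace the stored checkpoint only after a clean result.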
