Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: bash_history

From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 12 Apr 2005 17:16:54 +0300 (IDT)
On Mon, 11 Apr 2005, Nuno Costa wrote:

if you just want to prevent the user from modify or delete entrys
from the bash_history file, and do not touch permissions and other
stuff, maybe is create backups in realtime from this files, in a root
dir, where the user cant touch it...


.bash_history is written only on (clean) exit, so if, for example, you
kill -9 $$
the history file will be never updated.


so if the user tries to modify or delete this file, you have in your
root dir, backups from this files, that was created in real time.


BTW: this would allow to make a DoS attack on disk space (even if
each user has his own quota)...

Probably the easiest way to record user's activity is to force her to
use script (man script).

-- 
Regards,
ASK

---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security 
professionals.  Norwich University is fulfilling this demand with its MS in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: