Vulnerability Development mailing list archives
Re: History Files
From: crispin () WIREX COM (Crispin Cowan)
Date: Sat, 15 Apr 2000 23:34:57 +0000
audit wrote:
I admin a few Linux servers and have a question about user's .bash_history files. The users on the systems keep their history files but I would like to have what they type logged to /root/history/$user_history I know that this is not polite on my end or the other co-admin's but we need to know what our users are doing at all times. These are slackware boxes and some RedHat boxes.
You could achieve that effect by sym linking or hard linking $HOME/.bash_history to /root/history/$user_history. Yes, that will be problematic because a user that wants to hide what they're doing will delete the link. However, this just highlights the problem that a user that wants to hide what they're doing will run a modified shell. At best, you will have the security of tracking the actions of your naive users. Especially cleaver users intent on hiding will name their modified shell "vi" or "rn" :-) Crispin ----- Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org JOBS! http://immunix.org/jobs.html
Current thread:
- History Files audit (Apr 15)
- Re: History Files Tomas Westin (Apr 15)
- Re: History Files gavina () CSIS GVSU EDU (Apr 15)
- Re: History Files Dino Dai Zovi (Apr 15)
- Re: History Files Crispin Cowan (Apr 15)
- Re: History Files Rodrick Brown <System Administrator> (Apr 15)
- Re: History Files Tomas Westin (Apr 15)
- Re: History Files Blue Boar (Apr 15)
- Re: History Files audit (Apr 15)
- Re: History Files Blue Boar (Apr 15)
- Re: History Files Carson Gaspar (Apr 15)
- limited functionality accounts (was: Re: History Files) Marc Slemko (Apr 16)
- Re: limited functionality accounts (was: Re: History Files) Seth R Arnold (Apr 16)
- Re: limited functionality accounts (was: Re: History Files) Einar Indridason (Apr 26)
- Controlling a program's resource usage on Unix Bernie Cosell (Apr 16)
- Re: History Files Rodrick Brown <System Administrator> (Apr 15)