Vulnerability Development mailing list archives

Re: History Files


From: crispin () WIREX COM (Crispin Cowan)
Date: Sat, 15 Apr 2000 23:34:57 +0000


audit wrote:

I admin a few Linux servers and have a question about users' .bash_history
files. The users on the systems keep their history files but I would like
to have what they type logged to /root/history/$user_history.
I know that this is not polite on my end or the other co-admin's but we
need to know what our users are doing at all times. These are slackware
boxes and some RedHat boxes.

You could achieve that effect by sym linking or hard linking
$HOME/.bash_history to /root/history/$user_history.  Yes, that will be
problematic because a user that wants to hide what they're doing will delete
the link.  However, this just highlights the problem that a user that wants
to hide what they're doing will run a modified shell.  At best, you will have
the security of tracking the actions of your naive users.  Especially clever
users intent on hiding will name their modified shell "vi" or "rn" :-)

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org
                  JOBS!  http://immunix.org/jobs.html
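
An added example, not part of the original message: an audit an administrator could run to detect the failure mode described above, where a user deletes or replaces the link from $HOME/.bash_history to the central file. The function names, the passwd-format input, and reading the target as /root/history/${user}_history are assumptions; an intact link says nothing about whether the user is running an unmodified shell.

```shell
#!/bin/sh
# Added example: check that each bash user's ~/.bash_history is still linked
# to the central log. Layout and names are assumptions, not from the post.

# check_history_link HOME USER LOGDIR
# Prints one of: ok, missing, replaced, nolog
check_history_link() {
    hist="$1/.bash_history"
    log="$3/${2}_history"
    if [ ! -e "$log" ]; then
        echo nolog      # central file was never created for this user
        return 0
    fi
    if [ ! -e "$hist" ] && [ ! -L "$hist" ]; then
        echo missing    # link was deleted and nothing took its place
        return 0
    fi
    # -ef is true when both names resolve to the same device and inode,
    # so it covers the symlink setup and the hard-link setup alike.
    if [ "$hist" -ef "$log" ]; then
        echo ok
    else
        echo replaced   # a private file or a link to somewhere else
    fi
}

# audit_history_links PASSWD_FILE LOGDIR
# Prints "user status" for every bash account whose link is not intact.
audit_history_links() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        case "$shell" in
            */bash) ;;          # only bash writes .bash_history
            *) continue ;;
        esac
        status=$(check_history_link "$home" "$user" "$2")
        [ "$status" = ok ] || echo "$user $status"
    done < "$1"
}

# Run as: sh audit.sh /etc/passwd /root/history
if [ "$#" -eq 2 ]; then
    audit_history_links "$1" "$2"
fi
```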

