Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: History Files

From: chris () STRICTLY NOSUCKAZ NET (chris () STRICTLY NOSUCKAZ NET)
Date: Sat, 15 Apr 2000 20:43:59 -0500

Okay, all this talk about bofh, and nobody has mentioned the easiest method of doing this, which is not new to linux 
and provides excellent accounting on what your users are doing, I'm not sure if this saves argv[1-x] but I think it 
does somehow, the base accounting log is enough.  Turn on 'BSD Process Accounting' in your kernel and get the bsd 
process accounting package for your linux distribution.  Now with the simple command: lastcomm, you see everything.

The only other 'secure' way I can think of doing this, that would achieve the best results without using cludgy scripts 
or a massive overhead on some 'tail' process hanging off every shell's stdin fd, is have your shells patched to dump 
all input to a file or something.  Process Accounting rocks though, I don't understand why your not using it already or 
why this wouldn't finish this thread. =)

Chris.

On Sat, 15 Apr 2000, audit wrote:

`->Greeting's,
`->
`->I admin a few Linux servers and have a question about user's .bash_history
`->files. The users on the systems keep their history files but I would like
`->to have what they type logged to /root/history/$user_history
`->I know that this is not polite on my end or the other co-admin's but we
`->need to know what our users are doing at all times. These are slackware
`->boxes and some RedHat boxes.
`->
`->Thanks
`->
Previous By Date Next
Previous By Thread Next

Current thread: