mailing list archives
Re: bash_history to track users
From: Sebastian Hans <hanss () in tum de>
Date: Fri, 14 Nov 2003 11:06:39 +0100
Jack Whitsitt (jofny) wrote:
The ONLY thing this would useful for is being able to backtrack a clue-less user. A
malicious user with clue will do what he wants and then go hand edit the bash history.
After all, it's in his home
directory and he owns it.
That's not entirely accurate. It's fairly easy to modify bash to log this file elsewhere...and
it should not be much harder to have it log to two locations with different permissions...
But not too different. The user must still have write access. Otherwise,
how would the shell write to it? If the shell can write to it, so can
the user. Anyway, what if the user has more than one instance running?
.bash_history only has the history of one instance. Or tcsh? Or any
other shell for that matter?
Without hacking the code, though, I suppose you can write a script to parse the output of "w"
and have it add items as they change.
But this only catches
(1) the foreground process, not processes running in the background
(you could parse the output of ps instead) and
(2) processes that are running while you are doing the w (or ps). Some
could slip through.
/~\ The ASCII Sebastian Hans
\ / Ribbon Campaign hanss () in tum de
X Against HTML 0x5AED1E6D
/ \ Email! 014C 4A54 FED4 C0B5 3E87 427B 6910 AB0A 5AED 1E6D
Re: bash_history to track users Valter Santos (Nov 17)
RE: bash_history to track users Brecrost Jones (Nov 06)
RE: bash_history to track users arek (Nov 14)
- Re: bash_history to track users, (continued)