Home page logo

basics logo Security Basics mailing list archives

Re: bash_history to track users
From: Sebastian Hans <hanss () in tum de>
Date: Sat, 15 Nov 2003 15:33:30 +0100

Joe Szilagyi wrote:

Sorry for the delay in getting back to this. I want to log this activity on
a Red Hat server where multiple users log in as 'root'. Not really hunting
for malicious activity, just to see if the bash_history can record the login
IP or hostname. Some users come in from different locations, so it's more of
a security/activity accounting thing. For the time being, worries about
users trying eliminate the history aren't really a concern, simply logging
the activities of users coming in from different hosts (and separating their
commands by host) is.

You'd probably be better off using sudo and correlating this with logs
from sshd if that's how they log in.

/~\ The ASCII                          Sebastian Hans
\ / Ribbon Campaign                    hanss () in tum de
 X  Against HTML                         0x5AED1E6D
/ \ Email!           014C 4A54 FED4 C0B5 3E87  427B 6910 AB0A 5AED 1E6D

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]