Home page logo

basics logo Security Basics mailing list archives

Re: bash_history to track users
From: Valter Santos <vsantola () devfusion net>
Date: Mon, 17 Nov 2003 17:28:05 +0000


maybe your approach is not the correct one! It will more valuable and
less risky to send bash commands to syslog and have syslog send
everything to a remote server.

Some time ago i have used Autonomasia's bash-syslog patch [1] for bash
2.03 and adapted it to mandrake's bash 2.05b [2]. In my website you will
find binary RPMs to this last one. If you use another distro shouldn't
be very hard to adapt the patch to it.

[1] Autonomasia bash-syslog patch for bash-2.03

[2] My bash-syslog patch for bash-2.05b-12mdk:

Hope this help

On Thu, 2003-11-06 at 05:44, Joe Szilagyi wrote:
Hi everyone,

Is there any way to totally keep track of users, to the degree of adding
timestamps and hostnames to each entry in the server's .bash_history files?

The especially wonderful thing would be able to have .bash_history record
the IP/hostname the person responsible is logging in from, i.e., if I'm in
as root from host 'barney.gumble.com', and I run command 'y', I want history
to show like, this, and same from other people logging in...

114 barney.gumble.com passwd marge
115 barney.gumble.com adduser moe
116 cd /etc/conf/httpd
117 vi httpd.conf
118 barney.gumble.com pico .bachrc

...and so on. Is this possible?


Valter Santos
keys      @ http://devfusion.net/~vsantola/
E2A4B206  @ 99FA 3D80 4B54 BA70 7DD7 C751 47BA 49BC E2A4 B206

Attachment: signature.asc
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]