Home page logo

basics logo Security Basics mailing list archives

Re: bash_history to track users
From: "Lothar Kimmeringer" <bugtraq () kimmeringer de>
Date: Thu, 06 Nov 2003 08:49:53 +0200

On Thu, 6 Nov 2003 00:44:08 -0500, Joe Szilagyi wrote:

Is there any way to totally keep track of users, to the degree of adding
timestamps and hostnames to each entry in the server's .bash_history files?

bash_history is quite the wrong place for these kind of things,
because you only need to take e.g. ksh to avoid logging or
bring your own shell with you to have real control as a user.

I want history
to show like, this, and same from other people logging in...

114 barney.gumble.com passwd marge
115 barney.gumble.com adduser moe
116 cd /etc/conf/httpd
117 vi httpd.conf
118 barney.gumble.com pico .bachrc

Simple question: Why do you want to do this? If there was
somebody who was able to hack your system he will hack your
history-files as well, so most likely you will not be able
to find something out this way.

Read some resources about intrusion detection, I'm sure
there will be some hints helping you hardening your system.

Regards, Lothar

BTW: In Germany this kind of thing you're planning might be
     against the law.

Lothar Kimmeringer                E-Mail: mailbody () kimmeringer de
               PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)

Always remember: The answer is forty-two, there can only be wrong

The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]