> > Also i would like to ask hot to make a user .history file unaccessible
> > for his owner ( to prevent it from deleting)?
> use "chflags sappend <file>", this will set the "system append only
> flag", ie: you may only append to the file, and it's only set/unsettable
> by root.

a user may still change the histfile (tcsh) or HISTFILE (bash, zsh) variable
to simply point to another file, such as /dev/null.

You may make this variable readonly by issuing the shell-builtin command
(bash and zsh):
        readonly HISTFILE

If you put this in your system-wide shell config files and chflags them to
be immutable, you can ensure that the history will be written only to the
named HISTFILE. But, like someone else mentioned, this can easily be
overcome by merely writing a simple perl shell and issuing system calls.
I believe that there is/was a kernel module at some point which allowed for
more extensive logging of commands (full command-line minus symbols
interpreted by the shell) which gives for at least somewhat more detailed
logging than your basic accounting, assuming of course that accounting can't
be made to do this already.

-Anthony.

p.s. sincerest apologies to anyone who has received multiple copies of this
email. I've been having a few mail difficulties.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjxe0YwACgkQ+rDjkNht5F02mgCfcVX5UhNOSKAnng5Onv+2EKip
JF0An3nwZxTu2PepT0yxy6yx5orJzFfH
=R+3H
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]