OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: History Files
From: Corwin J. Grey (cgreyWCFAMILY.COM)
Date: Sat Apr 15 2000 - 19:31:44 CDT


Actually there is a pretty good way that is so simple it's nearly foolproof
(there are a one or two ways around it, but any program that spawns a shell
will (if you limit all the shells to bash) launch bash which will write a
session log on exit.

Force each user to use bash first of all, and don't allow them to change
shells.

 In your /root/history/$user_history create a file for the user (e.g.
/root/history/bob)

 mkdir /root/history
 chmod 0777 /root/history

 touch /root/history/bob
 ln -s /root/history/bob /home/bob/.bash_history
 chmod 0600 /root/history/bob
 chown bob.bob /root/history/bob
 chattr +au /root/history/bob

And happy logging :)

----- Original Message -----
From: audit <auditRADIUSNET.NET>
To: <VULN-DEVSECURITYFOCUS.COM>
Sent: April 15, 2000 15:44
Subject: History Files

> Greeting's,
>
> I admin a few Linux servers and have a question about user's .bash_history
> files. The users on the systems keep their history files but I would like
> to have what they type logged to /root/history/$user_history
> I know that this is not polite on my end or the other co-admin's but we
> need to know what our users are doing at all times. These are slackware
> boxes and some RedHat boxes.
>
> Thanks