sacha chua living an awesome life

6092 comments
2357 subscribers
6240 on Twitter
Subscribe! Feed reader E-mail
« Older:
Newer: »

Tracking people’s history

Posted on September 19th, 2003 by Sacha Chua

FROM http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html

4.10.9 Hand-made user auditing

If you are paranoid you might want to add a system-wide /etc/profile
that sets the environment in a way such that they cannot remove audit
capabilities from the shell (commands are dumped to $HISTFILE. The
/etc/profile could be set as follows:

       HISTFILE=~/.bash_history
       HISTSIZE=100000000000000000
       HISTFILESIZE=10000000000000000
       readonly HISTFILE
       readonly HISTSIZE
       readonly HISTFILESIZE
       export HISTFILE HISTSIZE HISTFILESIZE

More posts about: Uncategorized // 1 Comment »

Short URL: http://sachachua.com/blog/p/1128
  • Breeze

    Well that’s a good idea, but:
    The user owns his “~/.bashrc” or has to have at least write access to append to the history.
    So the user can easily avoid auditing by removing a few commands from in between the history, and you’d not even know, because the file changes anyway.

    And “HISTCONTROL=ignorespace” is maybe set also, so a command beginning with a space won’t show up in the history at all.

    But still a good idea, if the users don’t know where to look or are too lazy ;)

    - Breeze

« Older:
Newer: »

Related posts

On This Day...

  • 2012: Thinking about a Quantified Self directory — So we were talking about a directory of people interested in Quantified Self, and I want to think about what [...]
  • 2011: IBM Comic: Watson on helpdesk duty; variants — I wasn’t sure which variant would work out best, so I’ll let the intranet editorial team pick their favourite, and [...]
  • 2010: Week ending September 19, 2010 — From last week’s plans Work [-] Support Classroom to Client: Collect lessons learned and create new material – People are busy [...]
  • 2008: Two-week review: 2 weeks ending September 19 — What an eventful two weeks! My presentation on new media and the new generation in Washington was a lot of fun. [...]
  • 2005: Hmm. Must hack my breathing. — Breathing has been sub-optimal these past few days. It seems I run out of breath so quickly, and when I do [...]
  • 2005: Networking for Geeks: Finding the Bleeding Edge through del.icio.us — Want to plunge into a field? Here’s how to figure out who the early adopters are and what you should be [...]
  • 2003: align-regexp — C-u M-x align-regexp RET \(\s-*\)| RET RET RET y RET will align planner tables beautifully.
  • 2003: CS21A today — (education, cs21a) We had a particularly fun CS21A session today. I wanted them to learn how to grow an array and [...]
  • 2003: Encouragement =) — (good karma) Date: Wed Sep 17 14:24:33 2003 +0800 Dear Sacha, First of all, thank you for your presentation at PSITE’s first national [...]
  • 2003: Automatic UPDATE on INSERT — MySQL 4.1 (in alpha) now supports automatic UPDATE if INSERTing on existing row http://www.mysql.com/doc/en/Nutshell_4.1_features.html Whee! That will make coding _way_ simpler.
  • 2003: More warm and fuzzy feelings — (education, cs21a, good karma) hi ate sacha! thank you for always being available for consultation. when i came home last wednesday, [...]

Featured Categories

Like this? Subscribe using your feed reader or your e-mail client! Follow me on Twitter for quick updates, and add me on Google+. Contact me: I'd love to hear your thoughts, questions, and suggestions!


Copyright © 2001-2012 Sacha Chua (sacha@sachachua.com). Please feel free to reuse content under a Creative Commons Attribution Non-commercial Sharealike license unless otherwise noted.

Get the highlights as a PDF!

Stories from my Twenties: Highlights from a Decade of Blogging

Free sample!