FROM http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html

4.10.9 Hand-made user auditing

If you are paranoid you might want to add a system-wide /etc/profile
that sets the environment in a way such that they cannot remove audit
capabilities from the shell (commands are dumped to $HISTFILE. The
/etc/profile could be set as follows:

       HISTFILE=~/.bash_history
       HISTSIZE=100000000000000000
       HISTFILESIZE=10000000000000000
       readonly HISTFILE
       readonly HISTSIZE
       readonly HISTFILESIZE
       export HISTFILE HISTSIZE HISTFILESIZE