History is certainly useless since it's under control of the user. I looked in my bash book at saw:
Quote:
...HISTCONTROL variable. If set to ignorespace, any commands that you type that start with a space won't appear in the history.
And there are many other ways to defeat history including typing "sh" and running a bourne shell for awhile.
I hate to be a party pooper, but accounting is also easily defeated. But why bother? Suppose your accounting records shows that I did:
OK, now what did I do?
Some versions of unix have C2 level security features. You can configure them to track every system call invoked by every user. This puts a nasty load of the system though. Short of this, you aren't going to be able to reliably track what users do.
During the course of the session before I logout I see some of the commands listed from my previous session but not from my current session and after I logout and log back in I see the commands which I ran before logging out.
Does the .bash_history stay in the buffer or someplace else then?
... (2 Replies)
Dear All,
I am creating users on our servers. the .bash_history supposed to store all the commands entered by the user. My question is, how can I prevent the user himself from editing or viewing this file?
I have tried chaning the owner of the .bash_history to be the root user but... (5 Replies)
Hi Experts,
I know my question would be strange but i need to understand how the .bash_history file is logging user actions (the mechanism) and if possible modify it to include also the date/time of every action done by the user.
Sample file:
# more .bash_history
ssh <IP address> -l axadmin... (3 Replies)
Hi - user commands are written in . bash_history of that user when he logs out. my bash_history file shows. not sure what that number means
#1329618972
ls -la
#1329618978
ls
#1329618980
ls -la
my bash_profile looks like this
PATH=$PATH:$HOME/bin
export PATH
export... (3 Replies)
rm -rf .bash_history some one ran rm -rf .bash_history on my Linux server(SUSE),I can see this command being run in current history, but I want the OLD history as well,can I recover the old history back. (9 Replies)
Hi would like to ask if there is anyway to display .bash_history with timestamp using shell script?
i know that you should use history command with HISTTIMEFORMAT="%d/%m/%y %T " to display it in terminal but it does not work when i use it on shell script. It seem that you can't run history... (1 Reply)
I am using the bash shell.
When I view my recent command history using the "history" command from the prompt, it only shows me the commands starting at #928.
The commands I need are earlier than that, but I can't figure out how to make the other 927 display.
They are in my .bash_history... (1 Reply)
Discussion started by: Twinklefingers
1 Replies
LEARN ABOUT HPUX
accton
acct(1M)acct(1M)NAME
acct: acctdisk, acctdusg, accton, acctwtmp, closewtmp, utmp2wtmp - overview of accounting and miscellaneous accounting commands
SYNOPSIS
file] file]
[file]
reason
DESCRIPTION
Accounting software is structured as a set of tools (consisting of both C programs and shell procedures) that can be used to build account-
ing systems. The shell procedures, described in acctsh(1M), are built on top of the C programs.
Connect time accounting is handled by various programs that write records into the The programs described in acctcon(1M) convert this file
into session and charging records which are then summarized by (see acctmerg(1M)).
Process accounting is performed by the HP-UX system kernel. Upon termination of a process, one record per process is written to a file
(normally The programs in acctprc(1M) summarize this data for charging purposes; is used to summarize command usage (see acctcms(1M)).
Current process data can be examined using (see acctcom(1M)).
Process accounting and connect time accounting (or any accounting records in the format described in acct(4)) can be merged and summarized
into total accounting records by (see the format in acct(4)). is used to format any or all accounting records (see acctsh(1M)).
reads lines that contain user ID, login name, and number of disk blocks, and converts them to total accounting records that can be merged
with other accounting records.
reads its standard input (usually from and computes disk resource consumption (including indirect blocks) by login. Only files found under
login directories (as determined from the password file) are accounted for. All files under a login directory are assumed to belong to
that user regardless of actual owner. If is given, records consisting of those file names for which charges no one are placed in file (a
potential source for finding users trying to avoid disk charges). If is given, file is the name of the password file. This option is not
needed if the password file is (See diskusg(1M) for more details.)
turns process accounting off if the optional file argument is omitted. If file is given, it must be the name of an existing file, to which
the kernel appends process accounting records (see acct(2) and acct(4)).
writes a utmp record to its standard output if the option is not used. If the option is used, writes a record to The record contains the
current time and a string of characters that describe the reason for writing the record. A record type of is assigned (see utmp(4) and
utmps(4)). The string argument reason must be 11 or fewer characters, numbers, or spaces if option is not used. Otherwise, it must be 63
or fewer characters, numbers, or spaces. For example, the following are suggestions for use in reboot and shutdown procedures, respec-
tively:
writes a record, for each user currently logged in, to the file This program is invoked by runacct to close the existing file before creat-
ing a new one.
writes a record, for each user currently logged in, to the file This program is invoked by runacct to initialize the newly created file.
FILES
Holds all accounting commands listed in section(1M) of this manual.
Current process accounting file.
Used for converting login name to user ID
Login/logoff history file.
New login/logoff history database.
SEE ALSO acctcms(1M), acctcom(1M), acctcon(1M), acctmerg(1M), acctprc(1M), acctsh(1M), diskusg(1M), fwtmp(1M), runacct(1M), acct(2), acct(4),
utmp(4). utmps(4), wtmps(4).
STANDARDS CONFORMANCE acct(1M)