Create a script that executes when a user attempts to delete history logs


 
# 1  
Old 11-18-2009

Hi,
I have a Linux Red Hat 9 server and I am concerned about the security on that server.
I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history.
I was thinking about firing or triggering that batch script upon the call to history. Is this doable, and if not, are there any other alternatives?

Thanks --
# 2  
Old 11-18-2009
If you have updated the kernel to 2.6 - consider inotify. It allows you to specify a directory or file to watch.

We have all of the history files in one directory - man ksh or man bash for HISTFILE. Set HISTSIZE (or HISTFILESIZE for bash) to a large number ~1000.

What problems are you having - do you not have the system locked down?
# 3  
Old 11-18-2009
Thanks for the reply.

I have kernel 2.4. Whenever I log in to the machine I see that the history file has been purged. I want to create a script that saves a version of the file before it gets deleted. I have locked down my machine but want to monitor internal users and make sure no harm is being done.

Thanks again.
# 4  
Old 11-25-2009
What history file - i.e., for what user? If you have the HISTFILE variable set as readonly and then start inotify or something else to do a change notify on the HISTFILE directory, you will catch whoever is playing games.

If there are users who can su root, that means your system is not locked down.
# 5  
Old 11-26-2009
I wrote the following script that executes every minute:

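# Export LOGNAME and PATH to child processes
export LOGNAME PATH
# Append to the history file on exit instead of overwriting it
shopt -s histappend
# Flush each command to the history file as soon as the prompt returns
PROMPT_COMMAND='history -a'

# Timestamp for this snapshot
d=$(date +%y_%m_%d%H%M%S)
#RECFILE=/root/.sessionlog/${LOGNAME}_$d
RECFILE=/root/.sessionlog/${LOGNAME}

echo "***************" >> "$RECFILE"
echo "$d" >> "$RECFILE"
history >> "$RECFILE"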

This copies the history log to a file and I scheduled this script to run every minute.
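
The approach discussed across the replies (history files collected in one directory, checked for tampering, with a copy saved before it is lost), written as a polling check because kernel 2.4 has no inotify. This is an added example, not code from any poster; `HIST_DIR`, the script name and the function names are assumptions, and `/root/.sessionlog` is the directory from post #5.

```shell
#!/bin/sh
# Added example, not from the thread. HIST_DIR is a hypothetical directory that
# holds every user's history file (readonly HISTFILE set in /etc/profile);
# SNAP_DIR is the snapshot directory used in post #5.
HIST_DIR=${HIST_DIR:-/var/log/userhist}
SNAP_DIR=${SNAP_DIR:-/root/.sessionlog}

# check_history FILE -> prints new | same | grown | purged | absent
# With histappend and a large HISTFILESIZE the file should only ever gain
# lines, so the last snapshot must remain a prefix of the current file.
check_history() {
    file=$1
    snap="$SNAP_DIR/$(basename "$file").last"
    if [ ! -f "$snap" ]; then
        [ -f "$file" ] || { echo absent; return; }
        cp -p "$file" "$snap"; echo new; return
    fi
    prev=$(( $(wc -l < "$snap") ))
    if [ -f "$file" ] && head -n "$prev" "$file" | cmp -s - "$snap"; then
        cmp -s "$file" "$snap" && { echo same; return; }
        cp -p "$file" "$snap"; echo grown; return
    fi
    # Cleared, edited or deleted: keep the pre-purge copy under a dated name.
    mv "$snap" "$SNAP_DIR/$(basename "$file").purged.$(date +%Y%m%d%H%M%S)"
    [ -f "$file" ] && cp -p "$file" "$snap"
    echo purged
}

# scan_all: check every history file, plus every snapshot whose source file
# has disappeared, and print one alert line per purge (cron mails the output).
scan_all() {
    mkdir -p "$SNAP_DIR" && chmod 700 "$SNAP_DIR"
    for f in "$HIST_DIR"/* "$SNAP_DIR"/*.last; do
        [ -e "$f" ] || continue
        name=$(basename "$f" .last)
        state=$(check_history "$HIST_DIR/$name")
        [ "$state" = purged ] && echo "ALERT: history for $name was purged or rewritten"
    done
    return 0
}

# Run from root's crontab every minute as: histwatch.sh scan (name is hypothetical)
if [ "${1:-}" = "scan" ]; then scan_all; fi
```

If HISTFILESIZE is small, bash trims the oldest lines itself and the prefix check reports that as a purge, which is one more reason to set it to a large number as reply #2 suggests.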