Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users .bash_history
# 8  
Old 11-06-2001
It's not an excutable file. It's a text file so you need to be able to read and write to use it as a history file.
# 9  
Old 11-09-2001

Search for under my name, Kelam_Magnus, and look for history answers.

I have a script that will help you keep track per user and you can chmod on the history file that is created.

# 10  
Old 09-17-2002
This is a very old thread, but if you want to keep the user from editing the .bash_profile, you might have a few options. In the /etc/profile, you might set HISTFILE, HISTSIZE, HISTCONTROL, HISTFILESIZE, HISTIGNORE, histchars, and any other history-controlling variables I might have missed as read-only, then "chattr +a ~user/.bash_profile". Then again, there is the situation described by Perderabo, in which someone writes a script, C, or any other program, and executes it, or just executes a shell. Also, the logging of all calls creates a tremendous amount of data to pour through, and will probably become neglected unless you have lots of free time on your hands.

If you don't trust your users, don't let them in. Otherwise, strengthen your boxes against attackers and hope for the best...
# 11  
Old 09-17-2002
The way to proceed is to develop (or use exisiting) a wrapper program around the user login that logs all standard-in from keyboard, and logs this information securely so the user cannot modify.

I wrote a C program called 'keylog.c' that does just this for an HP-UX platfrom that did some very critical transactions and had users logging in from all over the world to debug real-time and near-real time errors.

The program basically wrapped around the user shell and logged all the keystrokes, with timestamps a the beginning of the login session and one at the end, of the user. The process could be killed by the user, but if a use attempted to kill the logging program, the program trapped the kill signal and would kill all child processes. If you can imagine this, this means that the user killed or attempted to kill the logging program, the user would be immedately logged out because his shell would die immediately.

BTW: None of this is performed with HISTORY and other shell functions. These are not reliable and were not designed for security, tracing nor auditing.

Worked great and the platform received insurance certification from LLoyds of London, which meant that enough security controls were in place to reasonably insure (not perfect, but good enough to insure combined with other controls).

I disagree with an earlier comment that 'if you don't trust users, don't let them login'..... they are simply too many production servers that require tracing and logging. Trust is relative and most mistakes that cost companies the biggest money are not from malicious activities, they come from well intended users who make honest mistakes. Those user makes must be traceable (to the user) and auditable in many applications.

(BTW: None of what I describe above is accomplished with shell history files like .sh_history, etc. Those files are not designed for real security applications.)
# 12  
Old 09-17-2002
I definitely see your point, but I see a lot of admins who want to "spy" on their users, or a company that does not hire qualified or trustworthy personell. That is where I get my stance.

Being that I am currently working with a company that does demand real-time transactions and reporting 24x7x365, I understand that sometimes "mistakes" are made when trying to quickly solve a production problem, although in a working business they should be minimal.

In my limited experience, I have seen far more cases of hardware failure than "user error". A good case might be a grossly incompetent DBA whose database design is falling in on itself. And if he accidentally drops a critical index on the box, there's a good chance that most people aren't going to see that logged anyways in a typical setting, because many DBAs use tools like SQL Analyzer, or one of the Oracle front-ends... So do you sniff the wire? And where do you store this growing amount of information in a secure manner? Who analyzes it? Is this person authorized to have the various passwords and private information that they are bound to see in these logs? What is the retention policy on it?

I guess I just believe that if you're still trying to figure out how to keep a user from deleting their .bash_history, you probably haven't given this a whole lot of thought or planning in the first place. Nor would you likely have company backing, as this does become a legal privacy issue, if someone is let go for something you saw in this log.
# 13  
Old 09-18-2002

Yes, I tend to agree. If an admin's 'toolkit' of IT security options is via shell history files, then they have a long way to go......

On the other hand, we are here to guide them on the path.

It is a bit hard for folks with limited experience to see all the options AND they may work in an environment with limited resources to collaborate on these issues.

There are many legitimate system adminstrators with mult-user systems where accountability is critical to the mission. This is not 'spying' on the users because the systems are IT resources that belong to the company and the actions of users on those systems often require accountability. This is always true when the system application is insured, requires certification, and a myriad other professional operational IT system requirements.

Are we off topic yet? Smilie
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

How to get the "history" command to show all that is in the .bash_history file?

I am using the bash shell. When I view my recent command history using the "history" command from the prompt, it only shows me the commands starting at #928. The commands I need are earlier than that, but I can't figure out how to make the other 927 display. They are in my .bash_history... (1 Reply)
Discussion started by: Twinklefingers
1 Replies

2. Shell Programming and Scripting

Display .bash_history with timestamp using script

Hi would like to ask if there is anyway to display .bash_history with timestamp using shell script? i know that you should use history command with HISTTIMEFORMAT="%d/%m/%y %T " to display it in terminal but it does not work when i use it on shell script. It seem that you can't run history... (1 Reply)
Discussion started by: pikamon
1 Replies

3. UNIX for Advanced & Expert Users

How to recover .bash_history?

rm -rf .bash_history some one ran rm -rf .bash_history on my Linux server(SUSE),I can see this command being run in current history, but I want the OLD history as well,can I recover the old history back. (9 Replies)
Discussion started by: Ankit Bansal
9 Replies

4. UNIX for Dummies Questions & Answers

how to store time in .bash_history file

Hi - user commands are written in . bash_history of that user when he logs out. my bash_history file shows. not sure what that number means #1329618972 ls -la #1329618978 ls #1329618980 ls -la my bash_profile looks like this PATH=$PATH:$HOME/bin export PATH export... (3 Replies)
Discussion started by: oraclermanpt
3 Replies

5. UNIX for Advanced & Expert Users

.bash_history modification

Hi Experts, I know my question would be strange but i need to understand how the .bash_history file is logging user actions (the mechanism) and if possible modify it to include also the date/time of every action done by the user. Sample file: # more .bash_history ssh <IP address> -l axadmin... (3 Replies)
Discussion started by: Dendany83
3 Replies

6. Shell Programming and Scripting


Dear All, I am creating users on our servers. the .bash_history supposed to store all the commands entered by the user. My question is, how can I prevent the user himself from editing or viewing this file? I have tried chaning the owner of the .bash_history to be the root user but... (5 Replies)
Discussion started by: charbel.n.s
5 Replies

7. UNIX for Advanced & Expert Users


During the course of the session before I logout I see some of the commands listed from my previous session but not from my current session and after I logout and log back in I see the commands which I ran before logging out. Does the .bash_history stay in the buffer or someplace else then? ... (2 Replies)
Discussion started by: jacki
2 Replies

8. UNIX for Dummies Questions & Answers

Change .bash_history to another one

we need the help to change .bash_histroy file in root ,(i.e) we want to save the histroy for .temp.txt for permenently. how to do?? Help us (1 Reply)
Discussion started by: thakshina
1 Replies
Login or Register to Ask a Question