[Linux-cluster] Quick off topic question
Bryn M. Reeves
breeves at redhat.com
Wed Jan 10 19:59:29 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kit Gerrits wrote:
> Keep in mind, that Bash does some interesting tricks with its bash_history.
> (like maintaining a single history per session and fusing them afterwards).
>
> It might be a good idea to mail&wipe the .bash_history file upon logout.
>
>
> If you want to use the .bash_history file for autiding:
> Some O/S'es / filesystems allow write-only access to files.
> This would make sure the user cannot 'edit' the file to remove any traces.
> (This is usually limited to /var/log, so I don't know if it can be applied
> to a single file)
>
Ext3 allows something close to this. Using its extended attributes you
can mark a file as append only (chattr +a <file>). Only the root account
can add/remove this attr.
It doesn't seem to play to well when the history fills up though - if I
set HISTFILESIZE and HISTSIZE both to 10, after 10 history items have
accumulated it ceases to record anything.
I don't think trying to use the shell history as a security audit is
really going to fly.
Kind regards,
Bryn.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFFpUWg6YSQoMYUY94RAodyAJwPqvhL6kjsuNtk+41fjCTTm42WCQCfePBG
Ej02a3O1mY8reqbN/8KqRDM=
=mSYq
-----END PGP SIGNATURE-----
More information about the Linux-cluster
mailing list