[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Linux-cluster] Quick off topic question



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kit Gerrits wrote:
> Keep in mind, that Bash does some interesting tricks with its bash_history.
> (like maintaining a single history per session and fusing them afterwards).
> 
> It might be a good idea to mail&wipe the .bash_history file upon logout.
> 
> 
> If you want to use the .bash_history file for autiding:
> Some O/S'es / filesystems allow write-only access to files.
> This would make sure the user cannot 'edit' the file to remove any traces.
> (This is usually limited to /var/log, so I don't know if it can be applied
> to a single file)
> 

Ext3 allows something close to this. Using its extended attributes you
can mark a file as append only (chattr +a <file>). Only the root account
can add/remove this attr.

It doesn't seem to play to well when the history fills up though - if I
set HISTFILESIZE and HISTSIZE both to 10, after 10 history items have
accumulated it ceases to record anything.

I don't think trying to use the shell history as a security audit is
really going to fly.

Kind regards,

Bryn.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFpUWg6YSQoMYUY94RAodyAJwPqvhL6kjsuNtk+41fjCTTm42WCQCfePBG
Ej02a3O1mY8reqbN/8KqRDM=
=mSYq
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]