On Jan 10, 2007, at 1:59 PM, Bryn M. Reeves wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Kit Gerrits wrote:
Keep in mind, that Bash does some interesting tricks with its bash_history.
(like maintaining a single history per session and fusing them afterwards).
It might be a good idea to mail&wipe the .bash_history file upon logout.
If you want to use the .bash_history file for autiding:
Some O/S'es / filesystems allow write-only access to files.
This would make sure the user cannot 'edit' the file to remove any traces.
(This is usually limited to /var/log, so I don't know if it can be applied
to a single file)
Ext3 allows something close to this. Using its extended attributes you
can mark a file as append only (chattr +a <file>). Only the root account
can add/remove this attr.
It doesn't seem to play to well when the history fills up though - if I
set HISTFILESIZE and HISTSIZE both to 10, after 10 history items have
accumulated it ceases to record anything.
I don't think trying to use the shell history as a security audit is
really going to fly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----
Linux-cluster mailing list