Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm not sure if this would involve security (I do though. Please let me know if it is otherwise). Everyone knows by now it is advisable not to log in as root to perform system maintenance or run various commands as it could do more harm than good. I was wondering is it possible to have bash prompt me say twice when I enter any command e.g. I run the command shutdown -h now. Is it possible to have bash prompt me "Are you sure that you want to run that command"?
Secondly, is it possible to log bash commands for a particular user 1) log only certain chosen commands 2) log every command
Not sure about the first, but as for the second, you could grep a user's .bash_history for any commands you want to keep track of.
<< EDIT >>
Just had a thought on the first... Create your own shell scripts and put them in your ~/bin directory. It would contain your "Do you really...?" query, and run the specific command if you answered yes.
It would even save you keystrokes if you named it something similar, but easily [TAB]-completed... "shutoff.sh" runs the query and "shutdown -h now".
Last edited by ranger_nemo; 08-14-2004 at 10:02 AM.
Yes It is possible but for that you have to have a well written bach script which will get a command from you and then checks your decision and then run the command. An simple scripting idea I am giving you below
if [1 != ""] then
echo "Do You Really Want To Execute That Command [Y/N]: "
read $dec
if[ $dec = "Y" | $dec ="y"] then
/bin/sh $dec
then place this script in you "bin" of your home for every command you want to check. and then do
PATH=/yourhome/bin:$PATH
export PATH
there might be some errors in the script but I have just given you a rough idea
To log user commands you should look into BSD style process accounting (just using .bash_history is not reliable, since a user can edit their .bash_history or disable it altogether). You'll need support for process accounting compiled into your kernel and the user space tools installed on your machine. Then read the man pages for accton and lastcomm and you should be set.
quote:
----------------------------------------------------------------------
To log user commands you should look into BSD style process accounting (just using .bash_history is not reliable, since a user can edit their .bash_history or disable it altogether). You'll need support for process accounting compiled into your kernel and the user space tools installed on your machine. Then read the man pages for accton and lastcomm and you should be set.
----------------------------------------------------------------------
btmiller,
Could you further elaborate your answer as to how I could follow a BSD style of processing user commands? Thank you.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.