Hello folks, I have a doubt concerning how to keep log of all action executed by users in their tty`s. In order to achieve this I would start adding "history -a" to the PROMPT_COMMAND directive.
Then I would set the .bash_history permissions to append only with:
"chattr +a .bash_history"

On the following I could add
to /etc/profile.

And finally deny users from executing shells in higher profiles:
in /etc/sudoers

My question is are any caveats on my approach? I`ve created the user accounts with the newusers command and in result as they have not logged so far they don`t have a .bash_history in their homes is this a problem? Can I create this files or it would bring me problems regarding the order of its contents or something like that??


Regards.

What OS / version?

Commands that are executed using sudo(8) should already be logged. Whipping together a contrived approach with the bash(1) history command is going to present difficulties. root can simply remove the immutable attribute.

Finally, using a blacklisting approach in sudoers(5) is a bad idea. It is more effective to whitelist the actions you want sudoers to be able to perform, and by default deny all the rest. (Why? Because too many utilities offer capabilities to drop to a shell or use other methods to escalate privileges in ways you might not expect.)

1 members found this post helpful.

We aretunning Debian Linux but I'm not so affraid people would intentionally remove the files. But it is more like as those are production servers if they are modified and like 3 years later I need to check why and what has been done by whom I could go back to bash_histories and take a look.