LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   How to backup root's bash history as normal user (http://www.linuxquestions.org/questions/linux-security-4/how-to-backup-roots-bash-history-as-normal-user-4175451453/)

angel'le 02-23-2013 07:12 PM

How to backup root's bash history as normal user
 
I type important commands as root but sometimes either my hard disk fails or my system crashes.
Therefore I want to automatically backup with dropbox the /root/.bash_history file as a normal user.

The only thing I need is get acess to this file without root privileges.
I tried adding myself as owner of /root/ folder, but it is insecure

Thanks in advance

Habitual 02-23-2013 07:33 PM

You may be the owner of a Big Fat Re-install if you keep re-assigning ownership of important directories.

angel'le 02-23-2013 07:48 PM

Quote:

Originally Posted by Habitual (Post 4898394)
You may be the owner of a Big Fat Re-install if you keep re-assigning ownership of important directories.

That is why I want try the correct way, but I don't know what to do.

shivaa 02-23-2013 09:28 PM

After doing your work as root, before invoking the exit cmd, once invoke:
Code:

[user@example]~# history >> /home/username/root_bash_history.txt
[user@example]~# exit

You can also add your user account to /etc/sudoers and get sudo privilages, then you can:
Code:

[user@example]~$ date >> /home/username/root_bash_history.txt
[user@example]~$ sudo cat /root/.bash_history >> /home/username/root_bash_history.txt
[sudo] password for username:

Besides, many other ways to achieve this, so let's know where exactly you're stuck?

unSpawn 02-24-2013 09:10 AM

Quote:

Originally Posted by angel'le (Post 4898382)
I want to automatically backup with dropbox the /root/.bash_history file as a normal user.

Be aware that 0) you obviously should address causes for outage / b0rkage first and 1) that DropBox does not guarantee privacy. With shell history files the potential risk exists of disclosing sensitive information so you best encrypt files before stashing them. Couple of possibilities:
- Set up a regular cron job that triggers a backup. Note here the cron job interval doesn't matter because it won't trigger any action if the file hash matches:
Code:

#!/bin/sh --
# Set debug mode when testing:
set -vx
# Set default behaviour:
LANG=C; LC_ALL=C; export LANG LC_ALL
TARGET="/root/.bash_history"
HASHFILE="/root/.bash_history.sha1"
[ -f "${HASHFILE}" ] || sha1sum "${TARGET}" > "${HASHFILE}"
sha1sum --status -c "${HASHFILE}" || do_make_backup_etc_etc
exit 0

- Set up a incron job that triggers a backup on say IN_MODIFY and IN_CLOSE_WRITE events,
- Configure /etc/sudoers so you can copy that particular file manually (or from your personal crontab).

angel'le 02-24-2013 07:42 PM

Quote:

Originally Posted by unSpawn (Post 4898627)
Be aware that 0) you obviously should address causes for outage / b0rkage first and 1) that DropBox does not guarantee privacy. With shell history files the potential risk exists of disclosing sensitive information so you best encrypt files before stashing them. Couple of possibilities:
- Set up a regular cron job that triggers a backup. Note here the cron job interval doesn't matter because it won't trigger any action if the file hash matches:
Code:

#!/bin/sh --
# Set debug mode when testing:
set -vx
# Set default behaviour:
LANG=C; LC_ALL=C; export LANG LC_ALL
TARGET="/root/.bash_history"
HASHFILE="/root/.bash_history.sha1"
[ -f "${HASHFILE}" ] || sha1sum "${TARGET}" > "${HASHFILE}"
sha1sum --status -c "${HASHFILE}" || do_make_backup_etc_etc
exit 0

- Set up a incron job that triggers a backup on say IN_MODIFY and IN_CLOSE_WRITE events,
- Configure /etc/sudoers so you can copy that particular file manually (or from your personal crontab).

I get almost of this method, actually it looks pretty good. So after the last double pipeline I will copy the history to an encrypted folder I use to dropbox and finally regenerate the hash file.
I'm going to use the root crontab, so it is not need to configure the sudoers file.

Thank all you

abefroman 02-27-2013 08:13 PM

If you install Snoopy Logger there will be a copy in /var/log/secure


All times are GMT -5. The time now is 04:01 PM.