How to restrict all users to stop clearing command history on CentOS
 

How to restrict all users to stop clearing command history on CentOS.

No one should able to clean history of commands except the root on bash prompt.

Please help!!!

command history of whom? If someone has right to write it, it has right also to delete it.

Agreed with what you said, but my question is how to find an work around for normal users.

I want to list all the commands users run on bash but the list of commands shouldn't get deleted, even they type "history -c".

The basic answer is as pan64 already stated you can't.

The bash shell stores its history as a file in the users home directory called .bash_history

To be able to create the history of commands the user has to be able to modify this file thus they can either remove this file or echo "" > .bash_history which will wipe the file's contents.

Even if you alias the command history to be something else the user can still modify or delete the file as its stored in their home directory and if you change permissions so they can't they will not be able to add to it so their history won't be recorded anyway.

Finally there is also the option for the user to change their shell which again would stop or change where their history is recorded if its recorded at all.


Cardy

Chsh usage could be prohibited, right?


There's the "append only" file attribute?


As you see from previous replies the possibilities for incidental and deliberate evasion make that anything you try to enforce is subject to what processes, HIST.* variables and user-owned files users can tamper with. A solution could be to take the user out of the equation, ensuring logging is set up before the shell is initialized and takes place outside of the users home using Audit rules and a shell wrapper (think rootsh). Implementing this will be invasive so it isn't something you would do unless the mandate for an audit trail outweighs possible privacy concerns and the extra amount of setup, maintenance and audit reporting involved. If you're interested please first search LQ for any "I want to log everything"-like threads as it isn't an uncommon question.

Regular archiving of /home/$user/.bash_history to a root-only directory should help manage this.

Can your advice "manage" this?
- as said before: 'history -c',
- link history file to /dev/null,
- setting HISTFILE=/dev/null HISTSIZE=0,
- use of HISTIGNORE (you don't know what you miss if you don't log it ;-p),
- log out and have 'at' create sparse file, do a 12GB seek, fill with /dev/random and replace shell history file,
- export a PROMPT_COMMAND that fscks up shell history contents,
- run commands tru crontab, procmail recipe or anything that allows escaping to the shell.

What is the goal of it at all?

maybe yes!

thanks unSpawn