LinuxQuestions.org

Linux - Security: How to restrict all users to stop clearing command history on CentOS (http://www.linuxquestions.org/questions/linux-security-4/how-to-restrict-all-users-to-stop-clearing-command-history-on-centos-4175429095/)

jaipsharma 09-26-2012 07:29 AM

How to restrict all users to stop clearing command history on CentOS
 
How to restrict all users to stop clearing command history on CentOS.

No one should be able to clear the history of commands except root at the bash prompt.

Please help!!!

pan64 09-26-2012 07:34 AM

Command history of whom? If someone has the right to write it, they also have the right to delete it.

jaipsharma 09-26-2012 07:42 AM

Agreed with what you said, but my question is how to find a workaround for normal users.

I want to list all the commands users run in bash, but the list of commands shouldn't get deleted, even if they type "history -c".

cardy 09-26-2012 08:01 AM

The basic answer is, as pan64 already stated, you can't.

The bash shell stores its history as a file in the user's home directory called .bash_history.

To be able to create the history of commands the user has to be able to modify this file, thus they can either remove this file or echo "" > .bash_history, which will wipe the file's contents.

Even if you alias the history command to be something else, the user can still modify or delete the file as it's stored in their home directory, and if you change permissions so they can't, they will not be able to add to it, so their history won't be recorded anyway.

Finally there is also the option for the user to change their shell, which again would stop or change where their history is recorded, if it's recorded at all.


Cardy

unSpawn 09-26-2012 10:54 AM

Quote:

Originally Posted by cardy (Post 4789690)
(..) there is also the option for the user to change their shell (..)

Chsh usage could be prohibited, right?


Quote:

Originally Posted by pan64 (Post 4789666)
command history of whom? If someone has right to write it, it has right also to delete it.

Quote:

Originally Posted by cardy (Post 4789690)
To be able to create the history of commands the user has to be able to modify this file thus they can either remove this file or echo "" > .bash_history which will wipe the file's contents. Even if you alias the command history to be something else the user can still modify or delete the file as its stored in their home directory and if you change permissions so they can't they will not be able to add to it so their history won't be recorded anyway.

There's the "append only" file attribute?


Quote:

Originally Posted by jaipsharma (Post 4789676)
(..) my question is how to find an work around for normal users. I want to list all the commands users run (..)

As you see from previous replies, the possibilities for incidental and deliberate evasion mean that anything you try to enforce is subject to what processes, HIST.* variables and user-owned files users can tamper with. A solution could be to take the user out of the equation, ensuring logging is set up before the shell is initialized and takes place outside of the user's home, using Audit rules and a shell wrapper (think rootsh). Implementing this will be invasive, so it isn't something you would do unless the mandate for an audit trail outweighs possible privacy concerns and the extra amount of setup, maintenance and audit reporting involved. If you're interested, please first search LQ for any "I want to log everything"-like threads, as it isn't an uncommon question.
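An added example of the audit-based approach described in the post above (this is not code from the thread or from any poster): an auditd rule that records every execve() of a logged-in user, plus a small awk extractor that joins the SYSCALL and EXECVE records of each event back into one command line. The audit.log lines it parses are constructed here to resemble real entries; the key name "usercmd", the UID threshold and the extractor itself are this example's assumptions. Note what it does not catch: `history -c`, HISTFILE tweaks and other shell builtins never execve(), which is why the post pairs audit rules with a wrapper shell such as rootsh.

```shell
#!/bin/sh
# Added example (not from the thread): keep the command record outside the
# user's home by logging execve() with auditd, then extract command lines
# from the raw audit log. Root-owned /var/log/audit/ is what the user
# cannot tamper with; ~/.bash_history is not.

# Audit rules as they would go into /etc/audit/rules.d/usercmd.rules (or be
# loaded with `auditctl` as root). auid is the login UID, which survives
# su/sudo. 1000 is an assumed UID_MIN (CentOS 6 used 500); 4294967295 is the
# "unset" auid of daemons and is excluded.
audit_rules() {
    cat <<'EOF'
-a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=4294967295 -k usercmd
-a always,exit -F arch=b32 -S execve -F auid>=1000 -F auid!=4294967295 -k usercmd
EOF
}

# Join the SYSCALL and EXECVE records of each audit event (same "audit(ts:id)"
# serial) and print one line per command. Arguments containing spaces or
# quotes are hex-encoded by the kernel; they are left as-is here.
audit_extract_cmds() {
    awk '
    function evid(line,   s) {
        s = line
        sub(/^.*audit\([0-9.]+:/, "", s)   # strip everything up to the serial
        sub(/\).*$/, "", s)                 # strip from ")" onwards
        return s
    }
    # value of " name=" in line, or "?"; the leading space keeps "uid="
    # from matching inside "auid=", "euid=" or "fsuid="
    function field(line, name,   s) {
        s = line
        if (match(s, " " name "=[^ ]+"))
            return substr(s, RSTART + length(name) + 2, RLENGTH - length(name) - 2)
        return "?"
    }
    /^type=SYSCALL / && /key="usercmd"/ {
        id = evid($0); auid[id] = field($0, "auid"); uid[id] = field($0, "uid"); order[++n] = id
    }
    /^type=EXECVE / {
        id = evid($0); cmd = ""
        for (i = 1; i <= NF; i++) if ($i ~ /^a[0-9]+=/) {
            v = $i; sub(/^a[0-9]+=/, "", v); gsub(/^"|"$/, "", v)
            cmd = (cmd == "" ? v : cmd " " v)
        }
        argv[id] = cmd
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]
            if (id in argv) printf "event=%s auid=%s uid=%s cmd=%s\n", id, auid[id], uid[id], argv[id]
        }
    }' "$1"
}

# Constructed sample of what auditd writes for: a user deleting their
# history, the same user running cat via sudo (auid stays 1000, uid is 0),
# and a daemon's execve that the rules do not tag (no key, so it is ignored).
sample_audit_log() {
    cat <<'EOF'
type=SYSCALL msg=audit(1348660000.123:456): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2143 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 tty=pts0 ses=3 comm="rm" exe="/bin/rm" key="usercmd"
type=EXECVE msg=audit(1348660000.123:456): argc=3 a0="rm" a1="-f" a2=".bash_history"
type=SYSCALL msg=audit(1348660010.456:457): arch=c000003e syscall=59 success=yes exit=0 ppid=2150 pid=2151 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 tty=pts0 ses=3 comm="cat" exe="/bin/cat" key="usercmd"
type=EXECVE msg=audit(1348660010.456:457): argc=2 a0="cat" a1="/etc/shadow"
type=SYSCALL msg=audit(1348660020.789:458): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 tty=(none) ses=4294967295 comm="logrotate" exe="/usr/sbin/logrotate" key=(null)
type=EXECVE msg=audit(1348660020.789:458): argc=2 a0="logrotate" a1="/etc/logrotate.conf"
EOF
}

# Stand-alone run: print the rules, then the commands recovered from the sample.
tmp=$(mktemp)
sample_audit_log > "$tmp"
audit_rules
audit_extract_cmds "$tmp"
rm -f "$tmp"
```

On a real host the extractor would read /var/log/audit/audit.log (or the output of `ausearch -k usercmd --raw`); because auid is the login UID, the sudo'd `cat /etc/shadow` is still attributed to user 1000 even though it ran as uid 0.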

Habitual 09-26-2012 11:51 AM

Quote:

Originally Posted by jaipsharma (Post 4789676)
Agreed with what you said, but my question is how to find an work around for normal users.

I want to list all the commands users run on bash but the list of commands shouldn't get deleted, even they type "history -c".

Regular archiving of /home/$user/.bash_history to a root-only directory should help manage this.

unSpawn 09-26-2012 12:24 PM

Quote:

Originally Posted by Habitual (Post 4789878)
Regular archiving of /home/$user/.bash_history to a root-only directory should help manage this.

Can your advice "manage" this?
- as said before: 'history -c',
- link the history file to /dev/null,
- set HISTFILE=/dev/null HISTSIZE=0,
- use of HISTIGNORE (you don't know what you miss if you don't log it ;-p),
- log out and have 'at' create a sparse file, do a 12GB seek, fill with /dev/random and replace the shell history file,
- export a PROMPT_COMMAND that fscks up shell history contents,
- run commands through crontab, a procmail recipe or anything that allows escaping to the shell.
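The list above can be turned into a check that a root cron job runs over each home directory before archiving. This is an added example, not code from the thread or from unSpawn; the pattern list, the output format and the constructed tampered home it builds for its own demonstration are this example's assumptions. It only covers the tricks that leave traces in the user's files (symlinked, missing or emptied history file, HIST* and PROMPT_COMMAND settings in startup files); the at/cron and "escape to a shell" evasions on the list leave nothing in $HOME to find, which is the point being made.

```shell
#!/bin/sh
# Added example (not from the thread): a root-side check for the cheap,
# file-based history evasions in one user's home directory. It reports what
# it finds and returns non-zero if anything is suspicious. It cannot see
# at/cron jobs, a changed login shell, HISTIGNORE set at the prompt, or a
# user who simply starts "sh"; those need audit rules instead.

# Patterns that tamper with bash history when placed in a startup file.
# "^[^#]*" keeps commented-out lines from matching.
HIST_TAMPER_RE='^[^#]*(HISTFILE|HISTSIZE|HISTFILESIZE|HISTIGNORE|HISTCONTROL|PROMPT_COMMAND)=|^[^#]*history[[:space:]]+-c|^[^#]*unset[[:space:]]+HIST|^[^#]*set[[:space:]]+[+]o[[:space:]]+history'

# usage: check_history_evasion /home/user
check_history_evasion() {
    home=$1
    findings=0
    hist="$home/.bash_history"

    # The history file itself: a symlink (typically to /dev/null), gone, or empty.
    if [ -L "$hist" ]; then
        echo "LINK    $hist -> $(readlink "$hist")"; findings=$((findings + 1))
    elif [ ! -e "$hist" ]; then
        echo "MISSING $hist"; findings=$((findings + 1))
    elif [ ! -s "$hist" ]; then
        echo "EMPTY   $hist"; findings=$((findings + 1))
    fi

    # Startup files bash reads for login and interactive shells.
    for rc in .bash_profile .bash_login .profile .bashrc .bash_logout; do
        f="$home/$rc"
        [ -f "$f" ] || continue
        n=$(grep -cE "$HIST_TAMPER_RE" "$f" || true)
        if [ "$n" -gt 0 ]; then
            grep -nE "$HIST_TAMPER_RE" "$f" | sed "s|^|RCFILE  $f:|"
            findings=$((findings + n))
        fi
    done

    echo "FINDINGS $findings"
    [ "$findings" -eq 0 ]
}

# Stand-alone run over a constructed home directory with two of the tricks
# applied (history file linked to /dev/null, HISTFILE and HISTSIZE overridden
# in .bashrc). A non-zero exit is expected here.
demo_home=$(mktemp -d)
ln -s /dev/null "$demo_home/.bash_history"
printf 'export HISTFILE=/dev/null\nHISTSIZE=0\n# HISTSIZE=1000 is only a comment\nalias ll="ls -l"\n' > "$demo_home/.bashrc"
check_history_evasion "$demo_home" || true
rm -rf "$demo_home"
```

Run as root over every entry in /etc/passwd with a real login shell, and treat a non-zero return as a reason to look at the audit log for that user rather than as proof of anything: an empty history file is also what a brand-new account looks like.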

pan64 09-27-2012 01:54 AM

What is the goal of it at all?

128 09-27-2012 07:22 PM

Quote:

Originally Posted by pan64 (Post 4790384)
What is the goal of it at all?

maybe yes!

thanks unSpawn

