LinuxQuestions.org
Old 09-26-2012, 07:29 AM   #1
jaipsharma
LQ Newbie
 
Registered: Jun 2010
Posts: 8

Rep: Reputation: 0
How to restrict all users to stop clearing command history on CentOS


How to restrict all users to stop clearing command history on CentOS.

No one should be able to clean history of commands except the root on bash prompt.

Please help!!!
 
Old 09-26-2012, 07:34 AM   #2
pan64
Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 5,167

Rep: Reputation: 1364
Command history of whom? If someone has the right to write it, they also have the right to delete it.
 
Old 09-26-2012, 07:42 AM   #3
jaipsharma
LQ Newbie
 
Registered: Jun 2010
Posts: 8

Original Poster
Rep: Reputation: 0
Agreed with what you said, but my question is how to find a workaround for normal users.

I want to list all the commands users run on bash but the list of commands shouldn't get deleted, even if they type "history -c".
 
Old 09-26-2012, 08:01 AM   #4
cardy
Member
 
Registered: Jan 2005
Location: Shropshire, England, UK
Distribution: RedHat, Fedora, CentOS..........
Posts: 121

Rep: Reputation: 19
The basic answer is, as pan64 already stated, you can't.

The bash shell stores its history as a file in the user's home directory called .bash_history

To be able to create the history of commands the user has to be able to modify this file, thus they can either remove this file or echo "" > .bash_history, which will wipe the file's contents.

Even if you alias the command history to be something else the user can still modify or delete the file as it's stored in their home directory, and if you change permissions so they can't, they will not be able to add to it, so their history won't be recorded anyway.

Finally there is also the option for the user to change their shell, which again would stop or change where their history is recorded, if it's recorded at all.


Cardy
 
Old 09-26-2012, 10:54 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,777
Blog Entries: 54

Rep: Reputation: 2978
Quote:
Originally Posted by cardy View Post
(..) there is also the option for the user to change their shell (..)
Chsh usage could be prohibited, right?


Quote:
Originally Posted by pan64 View Post
Command history of whom? If someone has the right to write it, they also have the right to delete it.
Quote:
Originally Posted by cardy View Post
To be able to create the history of commands the user has to be able to modify this file, thus they can either remove this file or echo "" > .bash_history, which will wipe the file's contents. Even if you alias the command history to be something else the user can still modify or delete the file as it's stored in their home directory, and if you change permissions so they can't, they will not be able to add to it, so their history won't be recorded anyway.
There's the "append only" file attribute?


Quote:
Originally Posted by jaipsharma View Post
(..) my question is how to find a workaround for normal users. I want to list all the commands users run (..)
As you see from previous replies, the possibilities for incidental and deliberate evasion mean that anything you try to enforce is subject to what processes, HIST.* variables and user-owned files users can tamper with. A solution could be to take the user out of the equation, ensuring logging is set up before the shell is initialized and takes place outside of the user's home using Audit rules and a shell wrapper (think rootsh). Implementing this will be invasive, so it isn't something you would do unless the mandate for an audit trail outweighs possible privacy concerns and the extra amount of setup, maintenance and audit reporting involved. If you're interested, please first search LQ for any "I want to log everything"-like threads, as it isn't an uncommon question.
 
Old 09-26-2012, 11:51 AM   #6
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,626
Blog Entries: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by jaipsharma View Post
Agreed with what you said, but my question is how to find a workaround for normal users.

I want to list all the commands users run on bash but the list of commands shouldn't get deleted, even if they type "history -c".
Regular archiving of /home/$user/.bash_history to a root-only directory should help manage this.
 
Old 09-26-2012, 12:24 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,777
Blog Entries: 54

Rep: Reputation: 2978
Quote:
Originally Posted by Habitual View Post
Regular archiving of /home/$user/.bash_history to a root-only directory should help manage this.
Can your advice "manage" this?
- as said before: 'history -c',
- link history file to /dev/null,
- setting HISTFILE=/dev/null HISTSIZE=0,
- use of HISTIGNORE (you don't know what you miss if you don't log it ;-p),
- log out and have 'at' create sparse file, do a 12GB seek, fill with /dev/random and replace shell history file,
- export a PROMPT_COMMAND that fscks up shell history contents,
- run commands through crontab, procmail recipe or anything that allows escaping to the shell.

Last edited by unSpawn; 09-26-2012 at 12:26 PM.
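
A defender's check for the file-level tampering signs listed in the post above (symlinked, sparse, shrunk or rewritten history), combined with the root-held archive suggested in post #6. This is an added example, not code from the thread; the function names, the 1 MiB threshold and the directory arguments are assumptions, and it relies on `stat -c` as provided by GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example. Prints one finding per line for a history file; nothing if clean.
# Usage: check_history FILE [SNAPSHOT]   (SNAPSHOT = last root-held copy)
check_history() {
    local f="$1" snap="${2:-}" size blocks old
    if [ -L "$f" ]; then                       # e.g. linked to /dev/null
        echo "symlink:$(readlink "$f")"; return 0
    fi
    if [ ! -f "$f" ]; then                     # deleted, or replaced by a non-file
        echo "missing-or-not-regular"; return 0
    fi
    size=$(stat -c %s "$f")                    # apparent size in bytes
    blocks=$(stat -c %b "$f")                  # allocated blocks (512 bytes assumed)
    # Sparse file: large apparent size with little actually allocated on disk.
    if [ "$size" -gt 1048576 ] && [ $((blocks * 512)) -lt $((size / 2)) ]; then
        echo "sparse:$size"; return 0
    fi
    if [ -n "$snap" ] && [ -f "$snap" ]; then
        old=$(stat -c %s "$snap")
        if [ "$size" -lt "$old" ]; then        # history should only ever grow
            echo "shrunk:$old->$size"
        elif ! head -c "$old" "$f" | cmp -s - "$snap"; then
            echo "rewritten"                   # old content is no longer a prefix
        fi
    fi
    return 0
}

# Usage: audit_homes HOME_ROOT SNAPDIR   (both paths are assumptions; run as root)
# The snapshot is refreshed only when the file is clean, so the last good copy
# survives as evidence once tampering is flagged.
audit_homes() {
    local root="$1" snapdir="$2" h user out
    for h in "$root"/*/; do
        user=$(basename "$h")
        out=$(check_history "$h.bash_history" "$snapdir/$user")
        if [ -n "$out" ]; then
            printf '%s %s\n' "$user" "$out"
        else
            cp -- "$h.bash_history" "$snapdir/$user"
        fi
    done
    return 0
}
```

These checks only see what happens to the file: HISTFILE=/dev/null, HISTIGNORE and commands run from crontab leave it untouched, which is why post #5 points to audit rules outside the user's control. Bash itself trims the file to HISTFILESIZE lines, so a "rewritten" finding needs triage before it is treated as tampering.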
 
Old 09-27-2012, 01:54 AM   #8
pan64
Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 5,167

Rep: Reputation: 1364
What is the goal of it at all?
 
Old 09-27-2012, 07:22 PM   #9
128
LQ Newbie
 
Registered: Sep 2012
Posts: 22

Rep: Reputation: 0

Quote:
Originally Posted by pan64 View Post
What is the goal of it at all?
maybe yes!

thanks unSpawn
 
  

