How to restrict all users to stop clearing command history on CentOS
The basic answer is, as pan64 already stated, you can't.
The bash shell stores its history as a file in the user's home directory called .bash_history.
To be able to create the history of commands, the user has to be able to modify this file, thus they can either remove this file or echo "" > .bash_history, which will wipe the file's contents.
Even if you alias the command history to be something else, the user can still modify or delete the file as it's stored in their home directory, and if you change permissions so they can't, they will not be able to add to it, so their history won't be recorded anyway.
Finally, there is also the option for the user to change their shell, which again would stop or change where their history is recorded, if it's recorded at all.
(..) there is also the option for the user to change their shell (..)
Chsh usage could be prohibited, right?
Quote:
Originally Posted by pan64
Command history of whom? If someone has the right to write it, they also have the right to delete it.
Quote:
Originally Posted by cardy
To be able to create the history of commands, the user has to be able to modify this file, thus they can either remove this file or echo "" > .bash_history, which will wipe the file's contents. Even if you alias the command history to be something else, the user can still modify or delete the file as it's stored in their home directory, and if you change permissions so they can't, they will not be able to add to it, so their history won't be recorded anyway.
There's the "append only" file attribute?
Quote:
Originally Posted by jaipsharma
(..) my question is how to find a workaround for normal users. I want to list all the commands users run (..)
As you see from previous replies, the possibilities for incidental and deliberate evasion mean that anything you try to enforce is subject to what processes, HIST.* variables and user-owned files users can tamper with. A solution could be to take the user out of the equation, ensuring logging is set up before the shell is initialized and takes place outside of the user's home, using Audit rules and a shell wrapper (think rootsh). Implementing this will be invasive, so it isn't something you would do unless the mandate for an audit trail outweighs possible privacy concerns and the extra amount of setup, maintenance and audit reporting involved. If you're interested, please first search LQ for any "I want to log everything"-like threads, as it isn't an uncommon question.
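An added example, not part of the original posts: a small parser for the kind of records an Audit execve rule writes, showing how commands can be reconstructed per login UID without touching anything in the user's home. The audit rule in the comment, its key name `user-cmds`, the UID floor of 1000 and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed audit rule (not from the thread); key name and UID floor are illustrative:
#   -a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=4294967295 -k user-cmds

# Constructed sample of /var/log/audit/audit.log lines, trimmed to the relevant fields.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=59 success=yes auid=1001 uid=1001 comm="rm" exe="/usr/bin/rm" key="user-cmds"
type=EXECVE msg=audit(1700000000.101:501): argc=2 a0="rm" a1="/home/alice/.bash_history"
type=SYSCALL msg=audit(1700000000.202:502): arch=c000003e syscall=59 success=yes auid=1001 uid=0 comm="cat" exe="/usr/bin/cat" key="user-cmds"
type=EXECVE msg=audit(1700000000.202:502): argc=2 a0="cat" a1=2F746D702F6D79206E6F7465732E747874
type=SYSCALL msg=audit(1700000000.303:503): arch=c000003e syscall=59 success=yes auid=1002 uid=1002 comm="ls" exe="/usr/bin/ls" key="user-cmds"
type=EXECVE msg=audit(1700000000.303:503): argc=2 a0="ls" a1="-la"
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(raw):
    """auditd quotes plain arguments and hex-encodes ones with spaces or special bytes."""
    if raw.startswith('"'):
        return raw.strip('"')
    try:
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    except ValueError:
        return raw  # neither quoted nor valid hex: keep as logged

def commands_by_auid(log_text):
    """Join SYSCALL and EXECVE records per event; return {auid: [(time, uid, argv), ...]}."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        ev = events[(float(m.group(1)), int(m.group(2)))]
        fields = dict(FIELD.findall(line[m.end():]))
        if line.startswith("type=SYSCALL"):
            ev["auid"], ev["uid"] = int(fields["auid"]), int(fields["uid"])
        elif line.startswith("type=EXECVE"):
            n = int(fields["argc"])
            ev["argv"] = [decode_arg(fields[f"a{i}"]) for i in range(n) if f"a{i}" in fields]
    result = defaultdict(list)
    for (ts, _serial), ev in sorted(events.items()):
        if "auid" in ev and "argv" in ev:
            result[ev["auid"]].append((ts, ev["uid"], ev["argv"]))
    return dict(result)

if __name__ == "__main__":
    print(commands_by_auid(SAMPLE_LOG))
```

In the second constructed event the effective uid is 0 while auid is still 1001: the login UID is inherited across privilege changes, which is why the grouping is done on auid rather than uid.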
Regular archiving of /home/$user/.bash_history to a root-only directory should help manage this.
Can your advice "manage" this?
- as said before: 'history -c',
- link history file to /dev/null,
- setting HISTFILE=/dev/null HISTSIZE=0,
- use of HISTIGNORE (you don't know what you miss if you don't log it ;-p),
- log out and have 'at' create sparse file, do a 12GB seek, fill with /dev/random and replace shell history file,
- export a PROMPT_COMMAND that fscks up shell history contents,
- run commands through crontab, procmail recipe or anything that allows escaping to the shell.