NOT escaping bash history
When some user logouts, the history of his commands got written to $HOME/.bash_history
If for some reason the user unsets his enviroment variable $HISTFILE the history is lost and it cannot be viewed what he has done while he was logged in. My question is, can I in some way prevent him for hiding his history? The shell is bash. Something like doesn't allowing him to unset enviroment variables or doesn't allowing him changing them. Normally he can hide this via unset $HISTFILE or export $HISTFILE=/dev/null Any ideas? |
heh, yes it's easy.....just move the users bash_history to a directory that only YOU know where and make a symlink back to the users ~/home.....that way the user has access and can write to it but, the user cannot delete it or erase it........LOL
|
Yeah, right up to the point he types in "echo $HISTFILE"
Even then, it doesn't stop the user from actually turning off bash's recording. I don't believe it's possible. Even if you do manage to stop your user from turning off the history, he can always edit the history file with a text editor. Or switch to a different shell. Or use a USB key with its own version of Bash that completely bypasses your computer's protections. etc. etc. |
Quote:
|
All times are GMT -5. The time now is 02:17 PM. |