bash commands
 

I'm not sure if this would involve security (I do though. Please let me know if it is otherwise). Everyone knows by now it is advisable not to log in as root to perform system maintenance or run various commands as it could do more harm than good. I was wondering is it possible to have bash prompt me say twice when I enter any command e.g. I run the command shutdown -h now. Is it possible to have bash prompt me "Are you sure that you want to run that command"?

Secondly, is it possible to log bash commands for a particular user 1) log only certain chosen commands 2) log every command

Not sure about the first, but as for the second, you could grep a user's .bash_history for any commands you want to keep track of.

<< EDIT >>

Just had a thought on the first... Create your own shell scripts and put them in your ~/bin directory. It would contain your "Do you really...?" query, and run the specific command if you answered yes.

It would even save you keystrokes if you named it something similar, but easily [TAB]-completed... "shutoff.sh" runs the query and "shutdown -h now".

Yes It is possible but for that you have to have a well written bach script which will get a command from you and then checks your decision and then run the command. An simple scripting idea I am giving you below

if [1 != ""] then
echo "Do You Really Want To Execute That Command [Y/N]: "
read $dec
if[ $dec = "Y" | $dec ="y"] then
/bin/sh $dec

then place this script in you "bin" of your home for every command you want to check. and then do
PATH=/yourhome/bin:$PATH
export PATH

there might be some errors in the script but I have just given you a rough idea

To log user commands you should look into BSD style process accounting (just using .bash_history is not reliable, since a user can edit their .bash_history or disable it altogether). You'll need support for process accounting compiled into your kernel and the user space tools installed on your machine. Then read the man pages for accton and lastcomm and you should be set.

Thank you all for your replies and suggestions.

quote:
----------------------------------------------------------------------
To log user commands you should look into BSD style process accounting (just using .bash_history is not reliable, since a user can edit their .bash_history or disable it altogether). You'll need support for process accounting compiled into your kernel and the user space tools installed on your machine. Then read the man pages for accton and lastcomm and you should be set.
----------------------------------------------------------------------

btmiller,

Could you further elaborate your answer as to how I could follow a BSD style of processing user commands? Thank you.