Re: How protect bash history file, do audit alike in server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, Aug 8, 2012 at 12:56 PM, Heng Su <ste.suheng@xxxxxxxxx> wrote:
>     I want to protect the history file from deleted for all users except
> user 'root' can do it, is that possible?
>     For my server, many users can log in with root from remote through
> ssh, so I can not trace which guy do wrong things. So I decide to create
> new account for every users and let them use 'sudo' then I can trace
> which guy typed which command and what he did. However, even if I create
> new account for every user, they also can delete the history of them
> self easily.
>
>     How should I do. I believe everyone encountered such things
> normally. I think there is a gracefully solution for it as I am not
> experience on server manage. So any suggestions for how to trace user
> like to write down which user did as an audit trail and let it can not
> deletable exclude root user?
>
>   Thanks!
> Su Heng


Capturing history files is error-prone and a very bad way to approach
this problem.  You should instead look into using process accounting,
provided by the psacct package.  You can read about it here:
http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html


❧ Brian Mathis
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux