On 08/08/2012 11:34 AM, Brian Mathis wrote: > Capturing history files is error-prone and a very bad way to approach > this problem. You should instead look into using process accounting, > provided by the psacct package. You can read about it here: > http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html +1 bash_history is not a log for the admin, it's a convenience for the user. Users who want to hide their tracks can unset HISTFILE or switch to a different shell. Process accounting is the only solution that's even remotely reliable. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: How protect bash history file, do audit alike in server
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: How protect bash history file, do audit alike in server
- From: Gordon Messmer <yinyang@xxxxxxxxx>
- Date: Sat, 11 Aug 2012 17:37:31 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <CALKwpEx1jQr4woeSB-aB+_XFWVM5MQYGQ+rCwqmWDEw2_1Gxzg@mail.gmail.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0
- References:
- How protect bash history file, do audit alike in server
- From: Heng Su
- Re: How protect bash history file, do audit alike in server
- From: Brian Mathis
- How protect bash history file, do audit alike in server
- Prev by Date: Re: Missing dependency in C6 ISO
- Next by Date: Re: compare zfs xfs and jfs o
- Previous by thread: Re: How protect bash history file, do audit alike in server
- Next by thread: Update to EL 6.3 breaks TCP NFS automounts
- Index(es):
 |