-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kit Gerrits wrote: > Keep in mind, that Bash does some interesting tricks with its bash_history. > (like maintaining a single history per session and fusing them afterwards). > > It might be a good idea to mail&wipe the .bash_history file upon logout. > > > If you want to use the .bash_history file for autiding: > Some O/S'es / filesystems allow write-only access to files. > This would make sure the user cannot 'edit' the file to remove any traces. > (This is usually limited to /var/log, so I don't know if it can be applied > to a single file) > Ext3 allows something close to this. Using its extended attributes you can mark a file as append only (chattr +a <file>). Only the root account can add/remove this attr. It doesn't seem to play to well when the history fills up though - if I set HISTFILESIZE and HISTSIZE both to 10, after 10 history items have accumulated it ceases to record anything. I don't think trying to use the shell history as a security audit is really going to fly. Kind regards, Bryn. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFFpUWg6YSQoMYUY94RAodyAJwPqvhL6kjsuNtk+41fjCTTm42WCQCfePBG Ej02a3O1mY8reqbN/8KqRDM= =mSYq -----END PGP SIGNATURE----- -- Linux-cluster mailing list Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster