[CentOS] How protect bash history file, do audit alike in server
Gordon Messmer
yinyang at eburg.com
Sun Aug 12 00:37:31 UTC 2012
On 08/08/2012 11:34 AM, Brian Mathis wrote:
> Capturing history files is error-prone and a very bad way to approach
> this problem. You should instead look into using process accounting,
> provided by the psacct package. You can read about it here:
> http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html
+1
bash_history is not a log for the admin, it's a convenience for the
user. Users who want to hide their tracks can unset HISTFILE or switch
to a different shell. Process accounting is the only solution that's
even remotely reliable.
More information about the CentOS
mailing list