[CentOS] How protect bash history file, do audit alike in server

Harold Pritchett harold at uga.edu
Wed Aug 8 17:17:10 UTC 2012


Use remote logging to a second machine which only you have access to.

http://www.linuxjournal.com/content/creating-centralized-syslog-server

Harold

8/8/2012 12:56 PM, Heng Su wrote:
> hello,
>
>      I want to protect the history file from deleted for all users except
> user 'root' can do it, is that possible?
>      For my server, many users can log in with root from remote through
> ssh, so I can not trace which guy do wrong things. So I decide to create
> new account for every users and let them use 'sudo' then I can trace
> which guy typed which command and what he did. However, even if I create
> new account for every user, they also can delete the history of them
> self easily.
>
>      How should I do. I believe everyone encountered such things
> normally. I think there is a gracefully solution for it as I am not
> experience on server manage. So any suggestions for how to trace user
> like to write down which user did as an audit trail and let it can not
> deletable exclude root user?
>
>    Thanks!
>





More information about the CentOS mailing list