[CentOS] How protect bash history file, do audit alike in server
m.roth at 5-cent.us
m.roth at 5-cent.us
Wed Aug 8 17:42:31 UTC 2012
Heng Su wrote:
> hello,
>
> I want to protect the history file from deleted for all users except
> user 'root' can do it, is that possible?
> For my server, many users can log in with root from remote through
> ssh, so I can not trace which guy do wrong things. So I decide to create
> new account for every users and let them use 'sudo' then I can trace
> which guy typed which command and what he did. However, even if I create
> new account for every user, they also can delete the history of them
> self easily.
>
> How should I do. I believe everyone encountered such things
> normally. I think there is a gracefully solution for it as I am not
> experience on server manage. So any suggestions for how to trace user
> like to write down which user did as an audit trail and let it can not
> deletable exclude root user?
So, you've got someone inside, who's doing nasty, or stupid, things?
The most obnoxious, stupid idea I've had to deal with was a few years ago,
when the company I was subcontracting for put something in the .profile to
log every. single. command. a developer issued....
However, since you've set up sudo for them, their commands should *also*
be in /var/log/secure. Of course, what you need is a script to grab that,
and attach to it which user had sudo'd.
Hmmm, as I type that, I just got to thinking: do they need all root
privileges, or do specific users only need certain commands? If so, it's
easy enough to limit what commands they're allowed to run under sudo - man
sudoers.
mark
More information about the CentOS
mailing list