[CentOS] How protect bash history file, do audit alike in server

Sun Aug 12 00:37:31 UTC 2012
Gordon Messmer <yinyang at eburg.com>

On 08/08/2012 11:34 AM, Brian Mathis wrote:
> Capturing history files is error-prone and a very bad way to approach
> this problem.  You should instead look into using process accounting,
> provided by the psacct package.  You can read about it here:
> http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html


bash_history is not a log for the admin, it's a convenience for the 
user.  Users who want to hide their tracks can unset HISTFILE or switch 
to a different shell.  Process accounting is the only solution that's 
even remotely reliable.