02-09-2005 09:26 AM
security in .sh_history
02-09-2005 09:46 AM
Re: security in .sh_history
root can see any file the person logged on as root wants. That's a fact that does not change.
The umask parameter controls default permissions when a new file is created. If you set that in /etc/profile when new users are created, permissions will be the way you want on .sh_history
chmod 700 .sh_history so long as the user owns it.
If root owns it, permissions need to be more flexible.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
02-09-2005 09:49 AM
Re: security in .sh_history
-w------ user:staff .sh_history
But this won't get you anywhere. The history works only as long as it is *readable*!
But you can have a single history for every user - I think this is the way you should go.
The variable is $HISTFILE and you could use /etc/profile to set it by e.g.
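WHO=`whoami`
# "~" is not expanded inside double quotes or before $WHO is substituted, so let eval re-parse the assignment
eval HISTFILE=~$WHO/.sh_history
HISTSIZE=2048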
touch and chown it for every user to come.
02-09-2005 11:33 AM
Re: security in .sh_history
Regards
02-09-2005 06:27 PM
Re: security in .sh_history
You also add a "trap" to call a file such as ".kshexit" that moves or renames the file so it can be stored for auditing purposes.
There are a lot of projects knocking around that are trying to create a kind of flight-recorder for root's actions, however there can be serious privacy issues surrounding this approach, so make sure that it complies with your local legislation.
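The pieces discussed in this thread (umask, $HISTFILE set from /etc/profile, and a trap that moves the history aside at logout), put together as an added example that is not part of any poster's reply. The function names, the per-session file suffix and the audit directory /var/adm/histaudit are assumptions; the directory is assumed to exist already and to let users create files in it without listing or removing other users' files.

```shell
# Added example: private per-session history file plus an exit hook that
# archives it. All names and paths here are assumptions, not from the thread.

# Create an owner-only history file for this login and point the shell at it.
setup_history() {
    hist_home=$1                          # the user's home directory
    old_umask=$(umask)
    umask 077                             # new files: owner access only
    HISTFILE="$hist_home/.sh_history.$$"  # one file per login session
    HISTSIZE=2048
    : >> "$HISTFILE"                      # create it without truncating
    chmod 600 "$HISTFILE"                 # the shell needs it readable by its owner
    umask "$old_umask"                    # restore the login umask
    export HISTFILE HISTSIZE
}

# Move this session's history into the audit directory under a unique name.
archive_history() {
    audit_dir=$1
    # Nothing was typed: drop the empty file instead of archiving it.
    [ -s "$HISTFILE" ] || { rm -f "$HISTFILE"; return 0; }
    dest="$audit_dir/$(id -un).$(date +%Y%m%d%H%M%S).$$"
    mv "$HISTFILE" "$dest" && chmod 400 "$dest" && ARCHIVED_FILE=$dest
}

# In /etc/profile, for interactive logins:
#   setup_history "$HOME"
#   trap 'archive_history /var/adm/histaudit' EXIT
```

A user can reset the trap or change HISTFILE in their own session, so the archived files are a convenience record rather than a tamper-proof audit trail.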
02-09-2005 06:57 PM
Re: security in .sh_history
Think we are looking for the same: Command Auditing http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=805145
Apparently there is a possibility to recompile bash (don't know yet how) to log all interactive commands into a separate file. But then you have the support issue and of course as Andrew stated: legislation