
security in .sh_history

Daniel Piedras_1
Occasional Contributor

security in .sh_history

The question is that the user doesn't see what he/she registers in the .sh_history, and that only [root] could see this.
Steven E. Protter
Exalted Contributor

Re: security in .sh_history

Kind of a cryptic post. No question mark either.

root can see any file the person logged on as root wants. That's a fact that does not change.

The umask parameter controls default permissions when a new file is created. If you set that in /etc/profile when new users are created, permissions will be the way you want on .sh_history.

chmod 700 .sh_history so long as the user owns it.

If root owns it, permissions need to be more flexible.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Florian Heigl (new acc)
Honored Contributor

Re: security in .sh_history

set it
-w------ user:staff .sh_history

But this won't get you anywhere. The history works only as long as it is *readable*!

But you can have a single history for every user - I think this is the way you should go.

The variable is $HISTFILE and you could use /etc/profile to set it, e.g.

WHO=`whoami`
HISTFILE=`eval echo "~$WHO"`/.sh_history   # eval so ~user expands to that user's home; "~$WHO" in quotes stays literal
HISTSIZE=2048
export HISTFILE HISTSIZE

touch and chown it for every user to come.
yesterday I stood at the edge. Today I'm one step ahead.
Daniel Piedras_1
Occasional Contributor

Re: security in .sh_history

Thanks

Regards
Andrew Cowan
Honored Contributor

Re: security in .sh_history

Do you mean that you want a new ".sh_history" file every time that someone logs in / su's to root? If this is the case, simply add a few lines to your ".profile" to change the name of the ".sh_history" to do something like append the date and time, or the IP address or username of the user.
You can also add a "trap" to call a file such as ".kshexit" that moves or renames the file so it can be stored for auditing purposes.

There are a lot of projects knocking around that are trying to create a kind of flight recorder for root's actions; however, there can be serious privacy issues surrounding this approach, so make sure that it complies with your local legislation.
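Putting Florian's per-user $HISTFILE and Andrew's rename-on-exit trap together, here is an added example for /etc/profile. It is not code from any poster in this thread; the file naming scheme, the archive directory under $HOME and the `who am i` lookup for the login account are my assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: per-user, per-session .sh_history set up
# from /etc/profile, archived on logout for audit review. Archive location,
# file naming and the `who am i` lookup are assumptions.

# Build a session-unique history file name.
# $1 = directory, $2 = login user, $3 = timestamp, $4 = tty name
hist_file_name() {
    printf '%s/.sh_history.%s.%s.%s\n' "$1" "$2" "$3" "$4"
}

# Create the history file with mode 600: owner only. As Florian notes, the
# shell records commands only while the file stays readable, so 600, not 200.
init_hist_file() {
    ( umask 077; : > "$1" )
    chmod 600 "$1"
}

# Move a finished session history into a 700 archive directory.
# $1 = history file, $2 = archive directory
archive_hist_file() {
    mkdir -p "$2" && chmod 700 "$2"
    mv "$1" "$2/"
}

# Login-time setup for /etc/profile; runs only in interactive shells so that
# sourcing this file from a script or test changes nothing.
case $- in
*i*)
    # Account that actually logged in, which survives a later "su".
    LOGIN_USER=`who am i 2>/dev/null | awk '{print $1}'`
    [ -n "$LOGIN_USER" ] || LOGIN_USER=`id -un`
    TTY_NAME=`tty 2>/dev/null | sed 's,^/dev/,,; s,/,_,g; s, ,_,g'`   # pts/0 -> pts_0
    STAMP=`date +%Y%m%d-%H%M%S`
    HIST_ARCHIVE_DIR="$HOME/.sh_history_archive"            # assumed location
    HISTFILE=`hist_file_name "$HOME" "$LOGIN_USER" "$STAMP" "$TTY_NAME"`
    HISTSIZE=2048
    export HISTFILE HISTSIZE
    init_hist_file "$HISTFILE"
    # Andrew's exit trap: park the session history when the shell ends.
    trap 'archive_hist_file "$HISTFILE" "$HIST_ARCHIVE_DIR"' EXIT
    ;;
esac
```

The archived files stay owned by the user, so root (and only root) can read them all while each user still sees only their own, which is the split Daniel asked for.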
TEC-HP
Frequent Advisor

Re: security in .sh_history

Hi Daniel,

Think we are looking for the same: Command Auditing http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=805145

Apparently there is a possibility to recompile bash (don't know yet how) to log all interactive commands into a separate file. But then you have the support issue and of course, as Andrew stated: legislation.