The primary purpose of the history feature in the shell is user convenience. It is *not* designed as a complete, secure command log, although it's sometimes used as such, with varying degrees of success.
But if you need a command log for security/auditing purposes, one of the obvious requirements is that the user whose actions are being logged must not have write access to the log. To implement this, you may need some help from someone with root privileges.
The utilities "rootsh" and "sudosh" are mostly designed to be used with sudo, but the documentation of sudosh says it can be used as a shell too. Both utilities are similar in principle, but their feature sets are slightly different: they act as a "flight recorder" for a shell session, recording all user-visible input & output in the session.
If you don't have root access, you might have to compile a customized version of rootsh/sudosh; the most important customization would be to point the configuration file location and log destination to someplace that is writable by your non-root account.
http://sourceforge.net/projects/rootsh/files/http://sourceforge.net/projects/sudosh2/files/If you cannot change the shell of the non-root account, you would have to start sudosh/rootsh from the user's .profile or equivalent login script.
Both sudosh and rootsh can use syslog for logging: since the standard syslog logfiles are not writeable by regular users, this might be one way to send your command log to a secure location.
If you cannot compile sudosh/rootsh, the HP-UX standard command "script" can provide the "flight recorder" function, although you would have to write a more complicated login script for it to generate a new logfile name for each session. Also, securing the log may be tricky or impossible.
If you need to start your recording tool of choice from a login script, you should be careful: all these commands will start a new shell. If it also runs the login script, you'll end up with infinite recursion: login shell -> recording tool -> shell -> tool -> shell -> tool...
MK
MK
