System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Alternative to saving history

Allanm
Super Advisor

Alternative to saving history

Hi!

We have a non-root account in which history is disabled. Is there any other way to save commands that get executed through that account.

I dont have root privileges on the system.

Please suggest...

Thanks,
Allan.
8 REPLIES
Hein van den Heuvel
Honored Contributor

Re: Alternative to saving history



Hello Allan,

This is perhaps not what you want to hear, and maybe something you do already, but I find it beneficial to just keep a notepad or vi - session open to dump useful commands into.

I create one for most every (sub)project I work on with a collection of 'handy' commands.

They file often also serves me to remember roughly what I have done for a project.

Sometimes those text files also capture a timeline, sometimes they are more or less random/unsorted.
Grep, Perl, ultraedit, crimson or whatever your favorite poison is will readily find back commands as needed.

I find a central, de-coupled file, handy when working with multiple idents, or on multiple systems.

fwiw,
Hein
Dan Bolton
Frequent Advisor

Re: Alternative to saving history

If you want to save the commands entered (and their screen output) from a particular session you can use the script command to create a text record. Just execute script prior to the commands you want recorded.

#man script

I have used this method: for troubleshooting an unexpected result, to document a process that is likely to be repeated, and even as the starting point to create a shell script (that way you have the tested syntax of the commands in the correct order).

Note: Script does not actually record the keystrokes entered, only their echo back to the screen. For this and other reasons it would not be a good choice if your (unstated) intent is for auditing purposes.
...skid in sideways, chocolate in one hand, martini in the other, totally worn out and screaming, "WOO HOO what a ride!"
RickT_1
Valued Contributor

Re: Alternative to saving history

Allan,

You can try turning on logging in the software that you are using to connect to the server to record all of your session as an alternative.

Rick

Re: Alternative to saving history

Dear allan add these lines in the user profile

#vi .profile

export EDITOR=vi
export HISTSIZE= /.sh_history
export HISTSIZE=4000

dont forget to assign points

thanks
abir
Steven E. Protter
Exalted Contributor

Re: Alternative to saving history

Shalom,

You can set up putty logs to the local pc.

disabling history is a SOX violation and eventually you are going to fail an audit.

Regards,

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Allanm
Super Advisor

Re: Alternative to saving history

Shallom Steven,

Do you have some documentation regarding SOX compliance which mentions Unix history in particular?

Folks I am asking for an alternative to enabling history, I know how to enable history.

Thanks,
Allan.
Dennis Handly
Acclaimed Contributor

Re: Alternative to saving history

>I don't have root privileges on the system.

Well without root, you can't turn on auditing.
Is this your account? Otherwise you can't do much with an account you can't login to.
Matti_Kurkela
Honored Contributor

Re: Alternative to saving history

The primary purpose of the history feature in the shell is user convenience. It is *not* designed as a complete, secure command log, although it's sometimes used as such, with varying degrees of success.

But if you need a command log for security/auditing purposes, one of the obvious requirements is that the user whose actions are being logged must not have write access to the log. To implement this, you may need some help from someone with root privileges.

The utilities "rootsh" and "sudosh" are mostly designed to be used with sudo, but the documentation of sudosh says it can be used as a shell too. Both utilities are similar in principle, but their feature sets are slightly different: they act as a "flight recorder" for a shell session, recording all user-visible input & output in the session.

If you don't have root access, you might have to compile a customized version of rootsh/sudosh; the most important customization would be to point the configuration file location and log destination to someplace that is writable by your non-root account.

http://sourceforge.net/projects/rootsh/files/
http://sourceforge.net/projects/sudosh2/files/

If you cannot change the shell of the non-root account, you would have to start sudosh/rootsh from the user's .profile or equivalent login script.

Both sudosh and rootsh can use syslog for logging: since the standard syslog logfiles are not writeable by regular users, this might be one way to send your command log to a secure location.

If you cannot compile sudosh/rootsh, the HP-UX standard command "script" can provide the "flight recorder" function, although you would have to write a more complicated login script for it to generate a new logfile name for each session. Also, securing the log may be tricky or impossible.

If you need to start your recording tool of choice from a login script, you should be careful: all these commands will start a new shell. If it also runs the login script, you'll end up with infinite recursion: login shell -> recording tool -> shell -> tool -> shell -> tool...

MK
MK