07-17-2013 12:56 AM
Hi ,
Am using following entry in my /etc/profile to capture commands ran by a users in our 11iv2 servers:
export LOGINNAME=`who am i | awk '{print $1}'`export HISTFILE="/var/tmp/hist_`date +%y%m%d.%H%M%S`.${LOGINNAME}.$LOGNAME.$$"
My question is all users are able to see this setting when they log in using "env" variable ,
is there any way such that the user will never come to know as to were am i logging his/her history ???
07-17-2013 01:25 AM - edited 07-17-2013 01:27 AM
>is there any way such that the user will never know as to were am I logging his/her history?
No. The history mechanism is not meant to be the security police.
If you unset it at the end of /etc/profile, then the user could change it and start a new shell.
07-17-2013 01:26 AM
Ok.
Can i move the entries to a location which has root access only ?
07-17-2013 01:28 AM
>Can I move the entries to a location which has root access only?
No, the user would no longer be able to write to it. Nor read it to look at his history.
07-17-2013 04:02 AM
We do not want to enable auditing which will create large junk files.
Instead do we have option of rotating those log files ?
Can i copy it instead of moving it?
07-17-2013 05:06 AM
>Instead do we have option of rotating those log files?
Are you now talking about auditing or about the history file?
07-17-2013 06:23 AM
Hi Dennis ,
Rotating am asking for audit files.
And if we can copy history , that would be really great .
07-18-2013 05:08 AM
Hi Guys,
Awating reply .
