Capture commands ran by a user

 
chindi
Respected Contributor

Capture commands ran by a user

Hi ,

 

I am using the following entry in my /etc/profile to capture commands run by users on our 11iv2 servers:

export LOGINNAME=`who am i | awk '{print $1}'`
export HISTFILE="/var/tmp/hist_`date +%y%m%d.%H%M%S`.${LOGINNAME}.$LOGNAME.$$"

 

My question is: all users are able to see this setting when they log in, using the "env" variable.

Is there any way such that the user will never come to know where I am logging his/her history?

7 REPLIES

Re: Capture commands ran by a user

>is there any way such that the user will never know as to where am I logging his/her history?

 

No.  The history mechanism is not meant to be the security police.

If you unset it at the end of /etc/profile, then the user could change it and start a new shell.

chindi
Respected Contributor

Re: Capture commands ran by a user

Ok.

Can I move the entries to a location which has root access only?

Re: Capture commands ran by a user

>Can I move the entries to a location which has root access only?

 

No, the user would no longer be able to write to it.  Nor read it to look at his history.

chindi
Respected Contributor

Re: Capture commands ran by a user

We do not want to enable auditing which will create large junk files.

Instead, do we have the option of rotating those log files?

 

Can I copy it instead of moving it?

Re: Capture commands ran by a user

>Instead do we have option of rotating those log files?

 

Are you now talking about auditing or about the history file?

chindi
Respected Contributor

Re: Capture commands ran by a user

Hi Dennis,

I am asking about rotating for the audit files.

 

And if we can copy history, that would be really great.

chindi
Respected Contributor

Re: Capture commands ran by a user

Hi Guys,

 

Awaiting reply.
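
The copy asked about in this thread, as an added example that is not part of the original posts: a script root can run from cron to copy the per-session history files named by the /etc/profile entry above into a root-only directory and report sessions where the login name differs from $LOGNAME. The function names and the archive path in the usage comment are assumptions, and as the first reply notes, the user still owns the live file, so the copy only holds what the file contained when it was copied.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to run as root (e.g. from cron).
# Assumes the naming scheme set in /etc/profile above:
#   hist_YYMMDD.HHMMSS.<LOGINNAME>.<LOGNAME>.<PID>
# and that user names contain no dots.
# hist_fields and archive_hist are hypothetical helper names.
# Usage (archive path is an assumed example):
#   sh archive_hist.sh /var/tmp /var/adm/hist_archive

# Print "login effective pid" parsed from a history file name.
hist_fields() {
    name=${1##*/}                # strip the directory part
    rest=${name#hist_*.*.}       # drop "hist_<date>.<time>."
    pid=${rest##*.}              # last field is the shell PID
    users=${rest%.*}             # "<LOGINNAME>.<LOGNAME>"
    printf '%s %s %s\n' "${users%%.*}" "${users#*.}" "$pid"
}

# Copy every history file from $1 into the root-only directory $2 and
# print one line per session where the login user differs from $LOGNAME
# (for example after "su -").
archive_hist() {
    src=$1
    dst=$2
    mkdir -p "$dst" && chmod 700 "$dst" || return 1
    for f in "$src"/hist_*; do
        # Regular files only: the source directory is world-writable,
        # so never follow a symlink found there.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        cp -p "$f" "$dst/" || continue
        chmod 600 "$dst/${f##*/}"
        set -- $(hist_fields "$f")
        [ "$1" = "$2" ] || echo "switched: $1 -> $2 (pid $3) ${f##*/}"
    done
}

# Run only when both directories are given on the command line.
if [ $# -eq 2 ]; then
    archive_hist "$1" "$2"
fi
```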