System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Capture commands ran by a user

chindi
Respected Contributor

Capture commands ran by a user

Hi ,

 

Am using following entry in my /etc/profile to capture commands ran by a users in our 11iv2 servers:

export LOGINNAME=`who am i | awk '{print $1}'`
export HISTFILE="/var/tmp/hist_`date +%y%m%d.%H%M%S`.${LOGINNAME}.$LOGNAME.$$"

 

My question is all users are able to see this setting when they log in  using "env" variable ,

is there any way such that the user will never come to know as to were am i logging his/her history ???

7 REPLIES
Dennis Handly
Acclaimed Contributor

Re: Capture commands ran by a user

>is there any way such that the user will never know as to were am I logging his/her history?

 

No.  The history mechanism is not meant to be the security police.

If you unset it at the end of /etc/profile, then the user could change it and start a new shell.

chindi
Respected Contributor

Re: Capture commands ran by a user

Ok.

Can i move the entries to a location which has root access only ?

Dennis Handly
Acclaimed Contributor

Re: Capture commands ran by a user

>Can I move the entries to a location which has root access only?

 

No, the user would no longer be able to write to it.  Nor read it to look at his history.

chindi
Respected Contributor

Re: Capture commands ran by a user

We do not want to enable auditing which will create large junk files.

Instead do we have option of rotating those log files ?

 

Can i copy it instead of moving it?

Dennis Handly
Acclaimed Contributor

Re: Capture commands ran by a user

>Instead do we have option of rotating those log files?

 

Are you now talking about auditing or about the history file?

chindi
Respected Contributor

Re: Capture commands ran by a user

Hi Dennis ,

Rotating am asking for audit files.

 

And if we can copy history , that would be really great .

chindi
Respected Contributor

Re: Capture commands ran by a user

Hi Guys,

 

Awating reply .