HPE Community
Operating System - HP-UX
1822143 Members
3515 Online
109640 Solutions
New Discussion юеВ

Deleting History file.

 
SOLVED
Go to solution
Roro_2
Regular Advisor

тАО10-27-2010 09:55 PM

тАО10-27-2010 09:55 PM

Deleting History file.

Hello,

Our customer wants to record all shell commands of root and non-root users, and he don't want any user from deleting the .sh_history file.
NB : HPUX 11i v3.
Through the users profile and using HISTFILE variable i have created a directory under / and redirected all history files to it.
Also i was obliged to grant -wx-wx-wx permissions to that directory.
The problem is that the non-root user is still able to go to that directory and delete its own history file.

Please advise.

Thanks and Regards

Roger
0 Kudos
Reply
4 REPLIES 4
Dennis Handly
Acclaimed Contributor

тАО10-28-2010 12:28 AM

тАО10-28-2010 12:28 AM

Solution

Re: Deleting History file.

>the non-root user is still able to go to that directory and delete its own history file.

That's correct. And even if he couldn't remove it, he could write all over it.
If the history files are already created, That a=wx isn't needed and the user couldn't remove it.

Don't look to the shell history as a foolproof security system.
Reply
Chandrahasa s
Valued Contributor

тАО10-28-2010 07:24 PM

тАО10-28-2010 07:24 PM

Re: Deleting History file.

HI,

Define history file under /etc/profile.

Create some script which continuously take copy of history file to other directory.

Chandra
0 Kudos
Reply
V. Nyga
Honored Contributor

тАО10-29-2010 01:42 AM

тАО10-29-2010 01:42 AM

Re: Deleting History file.

>Our customer wants to record all shell commands of root
>and non-root users, and he don't want any user from
>deleting the .sh_history file.

Oh God - in which world do we live? :-)

You could collect the file contents with cron (every minute?) and zero out ( <
V.

*** Say 'Thanks' with Kudos ***
0 Kudos
Reply
eric lipede_1
Regular Advisor

тАО10-29-2010 02:58 AM

тАО10-29-2010 02:58 AM

Re: Deleting History file.

Hi
...not sure if zeroing out is a good idea as the file may be updating/ being written to when the zero out process is taking place.

The "safest" way to deal with this would be with a, dare i say intelligent script, that:

via cron
=-=-=-=-
1. copies out each history file every minute;
2. then only zeros out when the user is logged off (although, im not sure why you would want to zero out btw!!);
or

looping script
=-=-=-=-=-=-=-
1. copy out every time a change is detected in the history file;
2.taking note to only copy out the CHANGE.

This is the only way to capture ALL the entries as of course a delete may occur in the minute that the cron job isnt running....so the solution there is a job running in a loop in the back ground - controlled by cron etc.

Ok - so theres a "fix" here but ....wouldnt it be easier to load a corporate screen logger? ....seems like a lot of work but hey..the customer is always bright...i mean - right.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.