1833871 Members
1792 Online
110063 Solutions
New Discussion

Protect history file

 
Roro_2
Regular Advisor

Protect history file

Hi,
I am working on rx1620 server running HPUX 11i v2 ( june 2006) ; for every user ( root and others ) a corresponding shell cmmand history file created in a directory.
I would like to protect the history files because the users are able to delete them from the above directory ( directory permission -wx,-wx,-wx).
How can i protect the files from deletion ;
Is there any other solution.

Thanks and Regards

Roger

3 REPLIES 3
Maxim Yakimenko
Super Advisor

Re: Protect history file

What is the reason for this? Why you dont want to allow users to delete their own files? What is "above directory"? History file as I know gets created in home dir of user, or I dont know something? If in home directory why permissions of home set to -wx,-wx,-wx? I think it is more preferable to setup concrete groups and set perms to "all for user", "read-exec for his group" or "all for group" if it is a case, "nothing for others".
Matti_Kurkela
Honored Contributor

Re: Protect history file

The shell command history file is just a convenience feature. It is not a reliable source for auditing user actions, as it can easily be circumvented.

Because the user can write to the file, he/she can always _overwrite_ it with the data of his/her choice. Some shells will keep the history data in memory during the session and only write it out when the user exits the shell. If the user "kill -9":s his/her shell, there will be no record at all about the killed session in the history file.

If you need a reliable log of the users' actions, you have to use the audit subsystem of HP-UX or install some tool that is specifically made for this purpose.

MK
MK
Roro_2
Regular Advisor

Re: Protect history file

Hello MK,
Thanks a lot for your concern.
Could you help me and tell me how to implement HPUX auditing and how to trace shell users commands from audit files.

Regards

Roger