Results 1 to 9 of 9

Thread: bash history

  1. #1
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407

    bash history

    Ok, I was trying to restrict a user from editing the .bash_history file so I did a chown and chgrp to root. There was a problem here though. The file wasn't being updated after this due to the permissions. Then I changed the owner back to the user and set privileges to just be able to write and not read. It still will not update the file. I am assuming that the user must have read write access to the file for it to be updated at every logon. So my question is, how do you keep a user from changing the .bash_history file?

  2. #2
    I expect the answer is that you can't stop them editing it if you still want it to be usable, because the users shell has to be able to change it in order to store the comand history. If you are trying to log what your users are doing I am sure there are better ways.

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    122
    I'm still learning this stuff so please bear with me. I'm woundering why you want to restrict the access....I'm sure restricting it from oh say outside sources would be a good idea (Xchat says something about the bash_history when you set it to auto except files from other people.
    If your woundering about keeping the root account safe just login normally and dont su threw a shell....but I would think that it wouldn't keep the root passwd in plane txt in the bash_history. I dont know sorry if this isnt helpfull, but Im trying over here
    The internet, not just for stalkers and pervs, but for computer geeks too!

  4. #4
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    That's not what I'm worried about. I just don't want a user to do illegal stuff with an account and then easily be able to change the .bash_history file. It doesn't show any password entering or anything like that. If I typed su only that would show up in the .bash_history file. nothing else related to the command would show up. I'm pretty sure that you can make it to where a user cannot change this file. I just want to know how? That way if someone doing something on the computer does something bad and someone comes knocking on my door. I just print out the .bash_history file and the ssh log file to show them that this person was logged on at the time of the incident and they were using some weird commands. I'm sure that there are other logging features that produce the same info but I just don't want the .bash_history file being modified by the user it is giving the history of.

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    h3r3tic,

    Why not have a duplicate of the .bash_history being sent elsewhere? or use a bash shell that records items (see http://www.honeynet.org tools/resource section).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    MsMittens I believe has the best suggestion so far, make duplicates of the file...

    Since you obviously would want it tracked between changes etc... Do something like create a shell script that makes a copy of the file followed by the date and time as an extention - ergo something that would result in a copy named:

    bash.110103105443

    When its 11/01/03 at 10:54:43 am...

    and then setup a cron job to run the that script how ever often you want it to run.

    Then just go through that directory from time to time and run 'diff' command between the files and delete any that had no changes to it between runs, as they would be unneeded and wasting space...

    RRP

  7. #7
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Thank you very much MsM and bpiedlow. I think that will definetly work, I will just have to do a little research.
    Thanks again.

  8. #8
    You can also discourage changes by strict policy guide lines. Do as MsMittens says and store a copy in a dir owned by root. If changes are made to (just write a little script to compare the two using diff)the file.... BAN the user.

  9. #9
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    Yes, Like msmittens said put it in a directory owned by root.. Also to thwart the kiddies you can chattr +a the file...
    "Serenity is not the absence of conflict, but the ability to cope with it."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •