On Wed, 16 Aug 2000, Sridhar wrote:
> hi i've written a script that logs all the commands executed by a user, his terminal, the time, the directory... i don't use the bash_history but the history itself. now the question is will the history be reliable, will it be more useful than .bash_history, will it be legal. also because the script is executed as the user itself, i'm forced to append the command history to a file which has chattr +a attribute set. so the user can put anything in the file. any ideas to make it stealthy?, btw, i'm using prompt_command variable.

perhaps you will find ojnk's patch for bash stealthy enough.. it's available at http://ojnk.sourceforge.net/ and here's what it says in the readme file:

This patch to bash will:

* Log all user commands to (by default) /var/log/histories/<pw_name> (I chown each user's logfile to them, chmod 200 it and set it append-only)
* Disallows (and logs) execution attempts when:
  * uid != euid
  * gid != egid
  * stdin is a socket (this will break programs such as rsh)
* Implements a high uid and gid such that if the shell is executed with a uid or gid higher than that limit, the shell will close and log the attempt. (I run network daemons with a high gid)
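
Added example, not part of either message and not ojnk's code: a PROMPT_COMMAND logger of the kind described in the question, with a check that flags malformed or back-dated lines in the append-only file. HISTLOG, the record layout and all function names are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. HISTLOG, the record layout and all
# function names are assumptions made for illustration.
HISTLOG="${HISTLOG:-$HOME/.cmdlog}"   # assumed path; root sets chattr +a on it

# `history 1` prints "  42  cmd"; drop the leading history number.
strip_histnum() {
    printf '%s\n' "$1" | sed 's/^[[:space:]]*[0-9][0-9]*[[:space:]]*//'
}

# One tab-separated record per command: epoch, user, tty, cwd, command.
# Tabs and newlines inside the command are flattened to keep one line each.
format_entry() {
    printf '%s\t%s\t%s\t%s\t%s\n' "$1" "$2" "$3" "$4" \
        "$(printf '%s' "$5" | tr '\t\n' '  ')"
}

# Runs as the user before every prompt, so the user can also append by hand.
log_last_command() {
    last=$(strip_histnum "$(history 1)")
    [ -n "$last" ] || return 0
    format_entry "$(date +%s)" "$(id -un)" "$(tty -s && tty || echo notty)" \
        "$PWD" "$last" >> "$HISTLOG"
}

# Print line numbers of records that are malformed or back-dated. An
# append-only file written only by log_last_command has five fields per line
# and non-decreasing timestamps; well-formed forged lines still pass.
audit_log() {
    awk -F '\t' '
        BEGIN { prev = 0 }
        NF != 5 || $1 !~ /^[0-9]+$/ { print NR; next }
        $1 + 0 < prev               { print NR; next }
        { prev = $1 + 0 }' "$1"
}

# Install only in interactive bash sessions.
case $- in
    *i*) [ -n "${BASH_VERSION:-}" ] && PROMPT_COMMAND=log_last_command ;;
esac
```

Because the hook runs with the user's own privileges, the user can unset PROMPT_COMMAND or append well-formed lines directly; audit_log only narrows what goes unnoticed.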