On Wed, 16 Aug 2000, Sridhar wrote:
i've written a script that logs all the commands execurited by a user, his terminal, the time, the direcotry... i dont use the bash_history but the history itself. now the question is will the history be reliable, will it be moreuseful than .bash_history , will it be legal. also because the script is execurted as the user itself, i'm forced to append the command history to a file which has chattr +a attribute set. so the user can put anything in the file. any ideas to make it stealthy ?, btw, i'm using prompt_command varialble.
Hello cheedu (or Sridhar), I don't know if this is legal, but some little thoughts about the other points: - a webcam behind the terminal (hidden of course) is also a very good choice ;) - who will read /tmp/comlog, you have already enough in /var/log - if someone gets root and forgot to look into the environment (HISTFILE etc), the you can get him just by his .bash_histfile. If he is not too bad, he will delete his traces, all. - you can execute commands also via a lot of applications (X-clients etc), that don't leave traces like in histfile etc Résumé: don't do it, it's not useful, and nobody likes the "Big Brother" Cheers, Peter -- Peter Münster http://w3pm.stormloader.com/ *** Sign now: http://petition.eurolinux.org/ ***