Second: That's a good idea! Is bash_history effective?
Not if your intruder has root access. All bash_history does is keep a record of keyboard strokes, in a plain text file.
How would you write that script?
That's just an idea I suggested. Someone else may have one written already. I don't have one. you may be able to use perl. I'm into PHP4 at the moment.
What's "shadow password suite"?
Shadow password suite is on SuSE 8.1 CD-ROMS. logon as root and in yast you will find it under software install/delete. It seems to be installed by default on 8.1 pro. Check out the general Security Quick-Start HOWTO for Linux by Hal Burgiss. I think he mentions shadow passwords in there somewhere. Basically shadow makes an encrypted copy of your normal password files, and uses them instead of the standard ones, so making it ALOT harder for intruders to change password permissions. Your best bet is to re-install you system, and build some security measures into it before you get hacked. There's alot of security stuff on the installation CD-ROMS. Regards - Keith Roberts.