On Wed, 16 Aug 2000, Sridhar wrote:
hi i've written a script that logs all the commands execurited by a user, his terminal, the time, the direcotry... i dont use the bash_history but the history itself. now the question is will the history be reliable, will it be moreuseful than .bash_history , will it be legal. also because the script is execurted as the user itself, i'm forced to append the command history to a file which has chattr +a attribute set. so the user can put anything in the file. any ideas to make it stealthy ?, btw, i'm using prompt_command varialble.
perhaps you will find ojnk's patch for bash stealthy enough.. it's
available at http://ojnk.sourceforge.net/ and here's what it says in the
readme file:
This patch to bash will:
* Log all user commands to (by default)
/var/log/histories/