1

is there a way to stream/monitor/log bash history to prevent the ability of someone hiding stuff?

would like to monitor and know every little thing that happens so that the list of commands and edited files can be checked and watched.

Would rsync be an ideal way or is there an actual program that can be installed.

Nikki Wilson
  • 101
  • 1
  • 7

4 Answers4

3

No you can't, primarily because it's trivial for any user to prevent bash from writing the history file in the first place.

If you really want to audit system activity, use the auditd daemon; that's what it's for.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
0

You'd probably have to modify the bash shell programming to do what you want. Although there is history provided by the bash shell, this can be easily overridden by the user. Of course, then from bash a user could go to another shell without logging.

mdpc
  • 11,698
  • 28
  • 51
  • 65
0

But if bash was the only shell available to the user, it could still work. Perhaps by using a cron job to rsync the history file periodically. It would be quite easy to tamper with the file in 1 minute however.

An Alternative: Setup a named pipe called ~/.bash_history which uses netcat to forward the commands from bash to a remote host?

GeoSword
  • 1,647
  • 12
  • 16
0

Look into Extended file attributes - Wikipedia, the free encyclopedia, this will help you keep your user's .bash_history file without tempering with it.

alexus
  • 12,342
  • 27
  • 115
  • 173