[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Saving command history for non-interactive shell
From: |
Lars Peterson |
Subject: |
RE: Saving command history for non-interactive shell |
Date: |
Fri, 16 Mar 2012 16:39:13 +0000 |
Thanks Greg.
I get what you're saying about the futility of recording everything users do.
And I'm not interested in setting up a big brother / spy machine that will
invoke the wrath of the Unix gods.
I'm not interested in security here...just auditing. We have a lot of scripts
and commands that run from remote machines and I was just hoping that there was
a way to capture their history on the server side vs the clients and
workstations. I realize that this is semi-doable via an audit of syslog's
AUTHPRIV facility; it makes forensics much easier to have everything stored in
the shell's history though.
Think I'll take a pass on using the SYSLOG_HISTORY approach -- compiling a
customized bash sounds like trouble.
-Lars
-----Original Message-----
From: Greg Wooledge [mailto:wooledg@eeg.ccf.org]
Sent: Friday, March 16, 2012 9:56 AM
To: Lars Peterson
Cc: bug-bash@gnu.org
Subject: Re: Saving command history for non-interactive shell
On Fri, Mar 16, 2012 at 02:33:35PM +0000, Lars Peterson wrote:
> Is there a way to configure bash so that commands from a
> non-interactive shell are preserved in the history? I'm more
> interested in saving commands invoked via ssh vs shell scrpts.
>From CHANGES, for bash 4.1:
l. There is a new configuration option (in config-top.h) that forces bash to
forward all history entries to syslog.
However, that only applies to commands that bash is already adding to its
history. So you'd also have to do a "set -o history" command at some point,
since non-interactive shells don't do that by default.
That might be tricky to arrange.
And of course you'd have to force the ssh user to use your specially compiled
bash with the SYSLOG_HISTORY option, and not some other shell.
If the larger context is "I want to know everything my users are doing", you're
going to end up frustrated. Unix simply wasn't designed to lock users down.
Quite the opposite -- it was designed to give users full power. Users can make
system calls without going through a shell, by writing C code and so on. They
can also invoke processes without using a shell, if processes are the thing you
actually want to track, rather than, for instance, file system operations.
If any of the above resembles your actual goal, then you need to look into
"accounting" ("process accounting", etc.). It's a huge topic, and logging
shell commands doesn't even come close to addressing it.