On 3/16/12 12:39 PM, Lars Peterson wrote:
> Thanks Greg.
>
> I get what you're saying about the futility of recording everything users do.
> And I'm not interested in setting up a big brother / spy machine that will
> invoke the wrath of the Unix gods.
>
> I'm not interested in security here...just auditing. We have a lot of scripts
> and commands that run from remote machines and I was just hoping that there
> was a way to capture their history on the server side vs the clients and
> workstations. I realize that this is semi-doable via an audit of syslog's
> AUTHPRIV facility; it makes forensics much easier to have everything stored
> in the shell's history though.
>
> Think I'll take a pass on using the SYSLOG_HISTORY approach -- compiling a
> customized bash sounds like trouble.
There is nothing stopping you from using history in a non-interactive
shell -- it's just not enabled by default.
Turn on history with `set -o history' and set HISTFILE and HISTSIZE as you
like. You can probably set some of the right variables in .ssh/environment
and set BASH_ENV to a file that will run the commands you want.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
