On 10/16/2012 05:52 PM, JD wrote:

On 10/16/2012 05:06 PM, Mark LaPierre wrote:
On 10/16/2012 02:52 AM, Tiziana Manfroni wrote:
Hi, I have some users that delete the .history file (in the tcsh shell), so I
can't see their commands.
Can I disable the command "unset history"?
If it is not possible, what can I do?

Thanks in advance

Tiziana

If you are creative with scripting you may be able to use tail -f to build a scraper.

This is actually tougher than it seems.
Each user can set the name of the history file to any arbitrary name,
and place it into someplace other than the home directory, which is what I do.

Also, see
http://administratosphere.wordpress.com/2011/05/20/logging-every-shell-command/


Also found this:

The following version of OpenSSH allows you to monitor all keystrokes which pass through the SSH daemon. My organization (Lawrence Berkeley National Laboratory) uses this code internally to support our science research environments, with great success.

http://code.google.com/p/auditing-sshd/

   A version of OpenSSH designed for high security installations where
   it is desirable to audit user activity. To do this we modify the SSH
   daemon to export information about user names, authentication,
   keystrokes, file transfers, remote command execution and a variety
   of SSH related metadata in as agnostic a way as possible. As an
   addition to this project, we provide infrastructure via the Bro
   Intrusion Detection System. The most general idea here is that a
   site can generate local security policy in the Bro scripting
   language and monitor in near real time user activity.


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org