Hi,
I have a unix server and I am concerned about the security on that server.
I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history.
I was thinking about firing or triggering that bacth script upon the call to history. Is this doable and if not are there any other alternatives?
but the fc -l command works similarly to the history command.
once someone runs history -c, all the entries in the history file are deleted. This is why I need to write my own history script that runs in the background, or an easier solution would be to run a script that saves the entries in the history file in another file before erasing the history file.
Writing the script is trivial, what is not trivial to me is triggering the script when the history -c command is run.
Well from my knowledge there is no #history command. it is an alias to #fc command.
Solutions to your problem
create an entry in crontab. which backsup the history file every few minutes or everytime the history file is updated.
On some versions of Linux and Solaris (possibly old Solaris versions), a process accounting scheme can be made available. I know that I once used this mechanism on Sun boxes to tabulate command usage ... cheers, drl
If the kernel is built with the process accounting option enabled (
CONFIG_BSD_PROCESS_ACCT ), then calling acct(2) starts process account-
ing, for example:
acct("/var/log/pacct");
When process accounting is enabled, the kernel writes a record to the
accounting file as each process on the system terminates.
more in chapters 2 and 5 man acct