linux eternal bash history all users secured

I use this on my Unix/Linux boxes for eternal bash history for all users (place in /etc/bashrc):

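if [ "$BASH" ]; then
        # Timestamp stored with each history entry; "history 1" prints it before the command
        export HISTTIMEFORMAT="%Y-%m-%d_%H:%M:%S "
        # After every command, append date, user and the last history entry to the shared log.
        # ORIGINAL_USER is not a bash built-in; it prints empty unless it is set elsewhere.
        export PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND ; }"'echo "`date +'%y.%m.%d-%H:%M:%S:'`" $USER "("$ORIGINAL_USER")" "COMMAND: " "$(history 1 | cut -c8-)" >> /var/log/bash_eternal_history'
        # Shortcut to read the log
        alias ehistory='cat /var/log/bash_eternal_history'
        # Lock the history-related variables for the rest of the session
        readonly PROMPT_COMMAND
        readonly HISTSIZE
        readonly HISTFILE
        readonly HOME
        readonly HISTIGNORE
        readonly HISTCONTROL
fi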

Then as root run the commands:

touch /var/log/bash_eternal_history
chmod 777 /var/log/bash_eternal_history
chattr +a /var/log/bash_eternal_history

On BSD/FreeBSD the last command won’t work; use this instead:

# find /var/log -type f -name 'bash_eternal_history' -exec chflags uappnd {} \;
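
An added example for reviewing the resulting log (not part of the original post): it counts well-formed entries per user and lists lines that lack the hook's prefix, such as the continuation of a multi-line command or anything else appended to the mode-777 file. `sample_log` and `eh_audit` are hypothetical names and the sample lines are constructed.

```shell
#!/bin/bash
# Added example: review lines written by the PROMPT_COMMAND hook above.
# Layout: yy.mm.dd-HH:MM:SS: USER (ORIGINAL_USER) COMMAND:  <history 1 text>

# Constructed sample data, not real log output.
sample_log() {
cat <<'EOF'
24.03.01-09:15:02: alice () COMMAND:  2024-03-01_09:15:01 ls -la /etc
24.03.01-09:15:40: root (alice) COMMAND:  2024-03-01_09:15:38 echo "first line
second line" > note.txt
24.03.01-09:M:55: bob () COMMAND:  2024-03-01_09:16:54 vi notes.txt
24.03.01-09:17:10: alice () COMMAND:  2024-03-01_09:17:09 sudo -i
appended by something other than the prompt hook
EOF
}

# eh_audit MODE [FILE]   (FILE "-" reads stdin)
#   users    -> "USER COUNT" for every well-formed entry, sorted by user
#   unparsed -> "LINENO: text" for every line lacking the hook prefix
eh_audit() {
    awk -v mode="$1" '
    BEGIN {
        d = "[0-9][0-9]"
        # "HH:M:SS" is accepted too: entries written with the %H:M:%S typo
        # described in the comments carry a literal M for the minute.
        prefix = "^" d "\\." d "\\." d "-" d ":(M|" d "):" d ": [^ ]+ \\([^)]*\\) COMMAND: "
    }
    $0 ~ prefix { count[$2]++; next }
    mode == "unparsed" { print NR ": " $0 }
    END { if (mode == "users") for (u in count) print u, count[u] | "sort" }
    ' "${2:-/var/log/bash_eternal_history}"
}

sample_log | eh_audit users -
sample_log | eh_audit unparsed -
```

A well-formed prefix only shows that a line has the expected shape; the user name in it is whatever the writing shell put there.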

3 comments to linux eternal bash history all users secured

  • Alex

    export PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND ; }"'echo "`date +'%y.%m.%d-%H:M:%S:'`" $USER "("$ORIGINAL_USER")" "COMMAND: " "$(history 1 | cut -c8-)" >> /var/log/bash_eternal_history'

    should be
    export PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND ; }"'echo "`date +'%y.%m.%d-%H:%M:%S:'`" $USER "("$ORIGINAL_USER")" "COMMAND: " "$(history 1 | cut -c8-)" >> /var/log/bash_eternal_history'

    You’re missing a % before the M after “`date” which puts an M in the entry instead of the minute.

    Who’s got your back? This guy.

  • ssstonebraker

    Another alternative with syslog (only for root user):
