I use this on my unix/linux boxes for eternal bash history for all users (place in /etc/bashrc)

if [ "$BASH" ]; then
        export HISTTIMEFORMAT="%Y-%m-%d_%H:%M:%S "
        export PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND ; }"'echo "`date +'%y.%m.%d-%H:%M:%S:'`" $USER "("$ORIGINAL_USER")" "COMMAND: " "$(history 1 | cut -c8-)" >> /var/log/bash_eternal_history'
        alias ehistory='cat /var/log/bash_eternal_history'
        readonly PROMPT_COMMAND
        readonly HISTSIZE
        readonly HISTFILE
        readonly HOME
        readonly HISTIGNORE
        readonly HISTCONTROL
fi

Then as root run the commands:

touch /var/log/bash_eternal_history
chmod 777 /var/log/bash_eternal_history
chattr +a /var/log/bash_eternal_history

on BSD freebsd the last command won’t work, use this instead:

# find /var/log -type f -name 'bash_eternal_history' -exec chflags uappnd {} \;

Linux Eternal Bash History One-Liner

Here is a one liner setup for eternal bash history (run as root):

sudo cat <<'EOF' > /etc/profile.d/eternal_bash_history.sh
# eternal_bash_history.sh

# Not running bash?
[ -n "$BASH_VERSION" ] || return 0

# Not an interactive shell?
[[ $- == *i* ]] || return 0


if [ "$BASH" ]; then
        export HISTTIMEFORMAT="%Y-%m-%d_%H:%M:%S "
        export PROMPT_COMMAND="${PROMPT_COMMAND:+$PROMPT_COMMAND ; }"'echo "`date +'%y.%m.%d-%H:%M%S:'`" $USER "("$ORIGINAL_USER")" "COMMAND: " "$(history 1 | cut -c8-)" >> /var/log/bash_eternal_history'
        alias ehistory='cat /var/log/bash_eternal_history'
        readonly PROMPT_COMMAND
        readonly HISTSIZE
        readonly HISTFILE
        readonly HOME
        readonly HISTIGNORE
        readonly HISTCONTROL
fi

# Set up eternal log file and allow all users to write to it
# Do not allow anyone (even root) to modify eternal log or this script
if [ "$EUID" -eq 0 ]; then
 touch /var/log/bash_eternal_history 2>/dev/null
 chmod 777 /var/log/bash_eternal_history 2>/dev/null
 chattr +a /var/log/bash_eternal_history 2>/dev/null
 chattr +a /etc/profile.d/eternal_bash_history.sh 2>/dev/null
fi
EOF

Tags: best eternal bash history, eternal bash history easy, eternal bash history howto, eternal bash history redhat, eternal bash history the right way, eternal history linux, linux eternal bash history all users secured

3 thoughts on “linux eternal bash history all users secured”

export PROMPT_COMMAND=”${PROMPT_COMMAND:+$PROMPT_COMMAND ; }”‘echo “`date +’%y.%m.%d-%H:M:%S:’`” $USER “(“$ORIGINAL_USER”)” “COMMAND: ” “$(history 1 | cut -c8-)” >> /var/log/bash_eternal_history’

should be
export PROMPT_COMMAND=”${PROMPT_COMMAND:+$PROMPT_COMMAND ; }”‘echo “`date +’%y.%m.%d-%H:%M:%S:’`” $USER “(“$ORIGINAL_USER”)” “COMMAND: ” “$(history 1 | cut -c8-)” >> /var/log/bash_eternal_history’

You’re missing a % before the M after “`date” which puts an M in the entry instead of the minute.

Who’s got your back? This guy.

ssstonebraker says:

October 10, 2011 at 11:24 am

You da man! Thank you! Updated!

Reply

Another alternative with syslog (only for root user):
http://jablonskis.org/2011/howto-log-bash-history-to-syslog/

Brakertech

linux eternal bash history all users secured

Linux Eternal Bash History One-Liner

3 thoughts on “linux eternal bash history all users secured”

Leave a Reply Cancel reply