03-24-2008, 05:38 PM
Tux-Idiot

Quote:
Originally Posted by monk
Keep in mind that a smart user can delete the history file or just link it back to /dev/null; a better way is to configure process and command auditing.

How to keep a detailed audit trail of what’s being done on your Linux systems
joe@localpub# cat >> .bashrc << EOF
export REMP="ping -c 10 IP.ADD.RE.SS"
EOF
joe@localpub# source .bashrc

I grep from the ICMP/iptables log who has pinged me 10 times. I don't even appear in your .bash_history or parse the ping -c 10 IP.ADD.RE.SS from egress traffic log at startup/shutdown. Now you audit. :-p
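Added example, not part of the original post or the linked article: with the execve auditing the quoted reply recommends, a command started from a variable set in .bashrc is still recorded with its full argument list and the login uid (auid), whatever happens to .bash_history. The Python below joins constructed auditd SYSCALL and EXECVE records; the rule key exec_log, the address 192.0.2.10 and the sample events are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records in auditd log format (not from a real host).
# Assumes an execve rule such as: -a always,exit -F arch=b64 -S execve -k exec_log
# auditd writes an argument as unquoted hex when it contains spaces.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1206380280.101:4521): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2388 auid=1000 uid=1000 comm="ping" exe="/bin/ping" key="exec_log"
type=EXECVE msg=audit(1206380280.101:4521): argc=4 a0="ping" a1="-c" a2="10" a3="192.0.2.10"
type=SYSCALL msg=audit(1206380291.440:4522): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2391 auid=1000 uid=0 comm="sh" exe="/bin/sh" key="exec_log"
type=EXECVE msg=audit(1206380291.440:4522): argc=3 a0="sh" a1="-c" a2=6C6E202D7366202F6465762F6E756C6C207E2F2E626173685F686973746F7279
"""

EVENT = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; unquoted ones are hex-encoded bytes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def exec_events(log_text):
    """Join SYSCALL and EXECVE records by event serial; one dict per exec."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        f = dict(FIELD.findall(line))
        ev = events[m.group(1)]
        if f.get("type") == "SYSCALL":
            ev.update(auid=f["auid"], uid=f["uid"], exe=decode(f["exe"]))
        elif f.get("type") == "EXECVE":
            # Very long arguments are split into aN[i] records; not handled here.
            ev["argv"] = [decode(f.get(f"a{i}", "?")) for i in range(int(f["argc"]))]
    return [ev for ev in events.values() if "argv" in ev and "exe" in ev]

def touches_history(ev):
    """True when any argument names a shell history file."""
    return any("_history" in arg for arg in ev["argv"])

if __name__ == "__main__":
    for ev in exec_events(SAMPLE_LOG):
        flag = "  <-- history file touched" if touches_history(ev) else ""
        print(f'auid={ev["auid"]} uid={ev["uid"]} {ev["exe"]}: {" ".join(ev["argv"])}{flag}')
```

In the second constructed event the effective uid is 0 but auid is still 1000, which is how the audit trail ties a command back to the account that logged in.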