Tuesday, February 21, 2017

Keeping separate history files for users who su to root


THIS IS NOT INTENDED TO BE USED AS A SECURITY SOLUTION.
If you're like me and work for a company that has many Linux admins all logging into servers and then su'ing to root, you may find this tip beneficial. It is simply 3 lines that you add to root's .bash_profile, which will keep a separate history file for each admin who su's to root, recording the commands they ran. It will allow you to go back and see what the user did as root. Granted, the user could delete the history file, but we are only interested in keeping separate history files and going back to review them if necessary. You may need to implement a policy or have an agreement with the admins which states that no one will delete the history files.

So if you're ready to try this out, fire up vi and add the lines below to root's .bash_profile:

export HISTSIZE=3000
export HISTFILESIZE=5000
export HISTFILE=/root/.bash_hist-$(who am i | awk '{print $1}';exit)

Save the file and you're good to go. Now when an admin logs in, su's to root and logs out, a hidden file called .bash_hist-userid will be created in root's home directory.

Here's an example:

If user jsmith logged in and then su'd to root, you would see a file called .bash_hist-jsmith in root's home directory after the user logs out. Hope this helps :)
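One caveat with the HISTFILE line: who am i prints nothing when the terminal has no utmp entry, and every such session would then share the single file /root/.bash_hist-. The function below is an added example, not part of the original tip; the name hist_path_for and the SUDO_USER / logname fallback are assumptions made for illustration, and the sample who lines are constructed.

```shell
# Added example (not from the original tip): build the per-admin history
# path defensively.
#   $1 = output of `who am i` (may be empty)
#   $2 = fallback login name to use when $1 yields nothing
# The body runs in a subshell ( ... ) so no variables leak into root's shell.
hist_path_for() (
    who_line=$1
    fallback=$2

    # The first field of `who am i` is the original login name.
    name=$(printf '%s\n' "$who_line" | awk 'NR==1 {print $1}')

    # No utmp entry for this terminal: fall back instead of producing
    # the shared file /root/.bash_hist-
    [ -n "$name" ] || name=$fallback

    # Drop anything that is not a plain login-name character, so the
    # value can never add a path component to the file name.
    name=$(printf '%s' "$name" | tr -cd 'A-Za-z0-9._-')
    [ -n "$name" ] || name=unknown

    printf '/root/.bash_hist-%s\n' "$name"
)

# Demonstration on constructed input (these are not real sessions):
hist_path_for 'jsmith   pts/0        2017-02-21 09:14 (192.0.2.10)' ''
hist_path_for '' 'adoe'

# In root's .bash_profile the third line would become (assumed usage):
#   export HISTFILE=$(hist_path_for "$(who am i)" "${SUDO_USER:-$(logname 2>/dev/null)}")
```

Sessions that resolve to .bash_hist-unknown are the ones to look at when reviewing, since neither who am i nor the fallback could name the admin.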

This tip is courtesy of my senior admin Steve V.

Have fun!
