The Bash history can get deleted just by deleting the file which contains. How can I protect the history from being cleared / deleted?
Ubuntu – How to make Bash history undeleteable
bashhistory
Related Question
- Ubuntu – Bash history handling with multiple terminals
- Ubuntu – How to clear bash history completely
- Ubuntu – bash doesn’t keep history
- Ubuntu – Bash History not containing all history and blank after reboot, how to resolve
- Ubuntu – How to see time stamps in bash history
- Ubuntu – What’s the difference between “history -w” and the action of closing a shell session
Best Answer
What you ask can be done with ...
This will set the "append only" for
.bash_history
and "immutable bit" for.profile
and even root can not delete or truncate the file unless that bit is removed. The 2nd command prevents the user from editing the settings for.profile
.Next put this in
/etc/bash.bashrc
or/etc/.profile
:That will lock down most simple actions a user could make to mess this up. But it wont stop the more experienced users ...
CAP_LINUX_IMMUTABLE
capability can remove the immutable bitkill -9 $$
. That command will prevent writing to history.So what you ask is rather pointless. If you do not trust your users do not let them on your system.
If this question was created to tract actions by hackers... you can totally forget about this; they are not likely to use bash when they are on your system and this history only works with bash.
A far superior option would be to use grsecurity or to install acct (The GNU Accounting Utilities).