Is it possible to audit the disabling of bash history or environment variables
I've seen a number of posts by Anonymous detailing how they have hacked into some of their victims. The first thing they do when they get a shell is disable the bash history.
It seems that set, unset, and history are "internal" commands to the OS and don't have an executable associated with them. Is there a way to audit users who unset their history file or run history -c?