View Single Post
  #1  
Old 28th June 2012, 08:10
responsys_cm responsys_cm is offline
Junior Member
 
Join Date: Jun 2012
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Is it possible to audit the disabling of bash history or environment variables

I've seen a number of posts by Anonymous detailing how they have hacked into some of their victims. The first thing they do when they get a shell is disable the bash history.

It seems that set, unset, and history are "internal" commands to the OS and don't have an executable associated with them. Is there a way to audit users who unset their history file or run history -c?

Thx.

Craig
Reply With Quote
Sponsored Links