how to disable "unset HISTORY"

Tue Oct 16 23:58:33 UTC 2012

On 10/16/2012 05:52 PM, JD wrote:
>
> On 10/16/2012 05:06 PM, Mark LaPierre wrote:
>> On 10/16/2012 02:52 AM, Tiziana Manfroni wrote:
>>> Hi, I have some users that delete .history file (in tcsh shell), so I
>>> can't see their commands.
>>> Can I disable the command "unset history"?
>>> If it is not possible, what can I do?
>>>
>>> Thanks in advance
>>>
>>> Tiziana
>>
>> If you are creative with scripting you may be able to use tail -f to 
>> build a scraper.
>>
> This is actually tougher than it seems.
> Each user can set the name of the history file to any arbitrary name,
> and place it into someplace other than the home directory, which is 
> what I do.
>
> Also, see
> http://administratosphere.wordpress.com/2011/05/20/logging-every-shell-command/ 
>
>
>
Also found this:

The following version of OpenSSH allows you to monitor all keystrokes 
which pass through the SSH daemon. My organization (Lawrence Berkeley 
National Laboratory) uses this code internally to support our science 
research environments, with great success.

http://code.google.com/p/auditing-sshd/

    A version of OpenSSH designed for high security installations where
    it is desirable to audit user activity. To do this we modify the SSH
    daemon to export information about user names, authentication,
    keystrokes, file transfers, remote command execution and a variety
    of SSH related metadata in as agnostic a way as possible. As an
    addition to this project, we provide infrastructure via the Bro
    Intrusion Detection System. The most general idea here is that a
    site can generate local security policy in the Bro scripting
    language and monitor in near real time user activity.