Enhancing System Security with Secondary Logging Linux Shell

Servers
, ,
1

The secondary logging Linux shell is a feature that helps track and record the commands executed by users in the system. It ensures a comprehensive log of user activity, which can be valuable for security and auditing purposes. By implementing this feature, you can monitor and review the commands executed by users, allowing for better accountability and troubleshooting.

To enable the secondary logging Linux shell, follow these steps:

  1. Edit the /etc/profile file, which contains system-wide environment variables and settings:

    vi /etc/profile

  2. Add the following lines to the file:

    # Secondary logging Linux shell
export HISTSIZE=5000
From=$(who am i | awk '{print $1}')
TO=$(whoami)
[ -d /var/log/history/$TO ] || mkdir -p /var/log/history/$TO
chmod 700 /var/log/history/$TO
export PROMPT_COMMAND=' echo "$(date "+%Y-%m-%d.%H:%M:%S") $(pwd) $(history 1) " >> /var/log/history/$TO/.bash_history.$From.$TO.$(date "+%Y-%m-%d") '

    These lines perform the following actions:

    • Set the HISTSIZE environment variable to 5000, which determines the maximum number of commands to store in the command history.
    • Retrieve the username of the user currently logged in (From) and the username of the active user (TO).
    • Create a log directory specific to each user under /var/log/history if it doesn’t already exist.
    • Set the appropriate permissions on the log directory to ensure privacy and security.
    • Configure the PROMPT_COMMAND environment variable, which specifies a command to be executed before displaying each command prompt. In this case, it records the date, current working directory, and the most recent executed command to a file in the user’s log directory.

  3. Save the file and exit the editor.

After making these changes, the secondary logging Linux shell will start recording the commands executed by users in their respective log directories under /var/log/history/. This information can be used for various purposes, including security analysis, troubleshooting, and compliance auditing.

Note: The steps provided here are compatible with Red Hat Linux and Ubuntu distributions, ensuring a consistent logging experience across different systems.