Re: Securing Debian Manual: 4.10.9.2 Using the shell history file

[Martin Steigerwald <Martin@lichtvoll.de>]

Am Donnerstag, 8. März 2012 schrieb Stayvoid:
> Hello.

Hi Stayvoid,

> "Note that you could introduce the configuration above in the user's
> .profile. But then you would need to setup permissions properly in
> such a way that prevents the user from modifying this file. This
> includes: having the user's home directories not belong to the user
> (since he would be able to remove the file otherwise) but at the same
> time enable them to read the .profile configuration file and write on
> the .bash_history. It would be good to set the immutable flag (also
> using chattr) for .profile too if you do it this way."
> How to make this?
>
> 
> http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html

Well its explained there in quite a good detail.

The command for changing attributes is mentioned some sentences above and 
if you want to tackle anything out of this manual, you´d properly better 
know how to change permissions on files and directories. I think such basic 
stuff does not belong here. Security is no cut&paste thing IMHO, but 
involves *understanding* whats going on.

Forcing users to keep their history might rise legal privacy protection 
issues.

Ciao,
-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7