Tracking User History in Linux

In Linux system users and their work are tracked through history. User may easily delete history and its file .bash_history. In order to preserve the history file and not letting it for user to delete it, following tweaking to bash can be set. It redirect each and every command typed in the command line to the syslog via logger command. Moreover, it also set history and history size to infinite limit that could not be cleared by the user.

Paste these in your /etc/profile file:

#Redirect the history to syslog.
 export PROMPT_COMMAND='history -a >(tee -a ~/.bash_history | logger -t "$USER[$$] $SSH_CONNECTION")'

#Prevent unset of histfile, /etc/profile
 export HISTFILE=~/.bash_history
 export HISTSIZE=10000

export HISTFILESIZE=999999
 export HISTTIMEFORMAT="%F %T:"
 # Don't let the users enter commands that are ignored in the history file
 HISTIGNORE=""
 HISTCONTROL=""
 readonly HISTFILE
 readonly PROMPT_COMMAND
 readonly HISTSIZE
 readonly HISTFILESIZE
 readonly HISTIGNORE
 readonly HISTCONTROL
 readonly HISTTIMEFORMAT

#overwrite the default homedirecotry of user
 sed -i  's/HISTFILESIZE=2000//g' ~/.bashrc
 sed -i  's/HISTSIZE=1000//g' ~/.bashrc
 sed -i  's/HISTCONTROL=ignoreboth//g' ~/.bashrc

(Note: You can use other Linux Auditing tools like snoopy, acct  etc).

Partitioning with Preseed

Debian /Ubuntu Preseeding provides a set of answer to the Installer so that you do not have to enter the answers manually during the Installation Process. Most of the questions asked by the Debian Installer can be pressed away. It can fully automate installation and even provide the features that are not available during the normal installation. To create a manual partitioning scheme we use expert recipe of Preseeding.

<owner> <question name> <question type> <value>

<owner>: “d-i” which stands for Debian Installer.

: partman-auto, partman-auto-raid and partman-auto-lvm are the packages that handle automatic partitioning of various types, and some of the questions (prompts) issued by them are described here:

<question type> says what sort of value to expect (eg string, boolean, select (for a menu)…)

<question value> this is where you put the answer that you would otherwise be entering interactively

Expert Recipe for manual partitioning


# configuration to create:

#  * 15G + 50 % RAM /

#  * 8G swap

#  * the rest formatted with LVM  on /opt

d-i     partman-auto/method     string  lvm

d-i     partman-auto/disk       string  /dev/sda

# the install makes sure we want to wipe the lvm

d-i     partman-lvm/device_remove_lvm   boolean true

d-i     partman-auto/confirm    boolean true

d-i partman-lvm/device_remove_lvm boolean true

d-i partman-lvm/confirm boolean true

d-i partman-lvm/confirm_nooverwrite boolean true

d-i     partman-auto/expert_recipe      string  es ::   \

#For GPT Partition Table

32 32 32 free                          \

$iflabel{ gpt }                  \

method{ biosgrub }               \

.                                   \

15000+50% 15000 15000+50% ext4          \

$primary{ }             \

$bootable{ }            \

method{ format }        \

format{ }               \

use_filesystem{ }       \

filesystem{ ext4 }      \

mountpoint{ / }         \

.                               \

8000 8000 8000 linux-swap       \

method{ swap }          \

format{ }               \

.                               \

64 1000 10000000 ext4            \

method{ format }        \

format{ }               \

use_filesystem{ }       \

filesystem{ ext4 }       \

lv_name{ data }         \

$defaultignore{ }       \

$lvmok{ }               \

mountpoint{ /opt }        \

.

d-i     partman-auto-lvm/guided_size    string  100%

d-i     partman/choose_partition        \

select  Finish partitioning and write changes to disk

d-i     partman-auto/confirm    boolean true

d-i     partman-auto/choose_recipe      es

References:

https://wikitech.wikimedia.org/wiki/PartMan

http://ftp.dc.volia.com/pub/debian/preseed/partman-auto-recipe.txt