How to setup different history file based on IP address

Latest response

Hi all,
my company has a tool that periodically changes root password on all servers. For some reason this tool connect to the server at least twice a day running some commands.
Personally I find annoying that history file gets filled by unuseful lines, so I though that setup a different history file for that toll would be a good solution.
So I setup a simple script like the following:

[root@server1 ~]# cat /etc/profile.d/history.sh
# This sets different history file for PAM tool
SRC_IP1="10.237.105.85" 
SRC_IP2="10.237.113.85" 
echo $SSH_CLIENT| grep -E "$SRC_IP1|$SRC_IP2" > /dev/null
RC=$?
if [[ $RC -eq 0 ]]; then
  export HISTFILE="~/.bash_anotherhistory"
fi

I don't know why, but this is not working, commands are still written in .bash_history, even if the env command shows HISTFILE properly set.
Here's the commands I find into history:

 id
 ( ( (  passwd    )  && echo '==O''K==') || echo '==FA''IL==')
date -u +'DA''TE-%d-%m-%Y'; (  grep '^root:' /etc/shadow ) ; id 'root'; echo '==''E''N''D''==' ;
sudo -K; exit

this is lastcomm output:

#lastcomm --pid --forward --tty pts/1
grep                   root     pts/1      0.00 secs Tue Dec  8 11:37 16158 16157
grepconf.sh            root     pts/1      0.00 secs Tue Dec  8 11:37 16157 16156
tty                    root     pts/1      0.00 secs Tue Dec  8 11:37 16160 16159
tput                   root     pts/1      0.00 secs Tue Dec  8 11:37 16161 16159
bash              F    root     pts/1      0.00 secs Tue Dec  8 11:37 16159 16156
dircolors              root     pts/1      0.00 secs Tue Dec  8 11:37 16163 16162
bash              F    root     pts/1      0.00 secs Tue Dec  8 11:37 16162 16156
grep                   root     pts/1      0.00 secs Tue Dec  8 11:37 16164 16156
date                   root     pts/1      0.00 secs Tue Dec  8 11:37 16165 16156
head                   root     pts/1      0.00 secs Tue Dec  8 11:37 16167 16156
last                 X root     pts/1      0.00 secs Tue Dec  8 11:37 16166 16156
bash              F    root     pts/1      0.00 secs Tue Dec  8 11:37 16168 16156
grep                   root     pts/1      0.00 secs Tue Dec  8 11:37 16169 16156
env                    root     pts/1      0.00 secs Tue Dec  8 11:37 16170 16156
consoletype            root     pts/1      0.00 secs Tue Dec  8 11:37 16172 16171
bash              F    root     pts/1      0.00 secs Tue Dec  8 11:37 16171 16156
date                   root     pts/1      0.00 secs Tue Dec  8 11:37 16175 16156
grep             S     root     pts/1      0.00 secs Tue Dec  8 11:37 16176 16156
id                     root     pts/1      0.00 secs Tue Dec  8 11:37 16177 16156
id                     root     pts/1      0.00 secs Tue Dec  8 11:37 16178 16156
passwd           S     root     pts/1      0.02 secs Tue Dec  8 11:37 16181 16180
sh                F    root     pts/1      0.00 secs Tue Dec  8 11:37 16180 16179
sh                F    root     pts/1      0.00 secs Tue Dec  8 11:37 16179 16156
date                   root     pts/1      0.00 secs Tue Dec  8 11:37 16187 16156
grep             S     root     pts/1      0.00 secs Tue Dec  8 11:37 16188 16156
id                     root     pts/1      0.00 secs Tue Dec  8 11:37 16189 16156

Any ideas?
Thanks a lot.

UT

Responses