  • How to setup different history file based on IP address

    Hi all,
    my company has a tool that periodically changes the root password on all servers. For some reason this tool connects to the server at least twice a day, running some commands.
    Personally I find it annoying that the history file gets filled with useless lines, so I thought that setting up a different history file for that tool would be a good solution.
    So I set up a simple script like the following:

    [root@server1 ~]# cat /etc/profile.d/history.sh
    # This sets different history file for PAM tool
    SRC_IP1="10.237.105.85" 
    SRC_IP2="10.237.113.85" 
    echo $SSH_CLIENT| grep -E "$SRC_IP1|$SRC_IP2" > /dev/null
    RC=$?
    if [[ $RC -eq 0 ]]; then
      export HISTFILE="~/.bash_anotherhistory"
    fi
    

    I don't know why, but this is not working: commands are still written to .bash_history, even though the env command shows HISTFILE properly set.
    Here are the commands I find in the history:

     id
     ( ( (  passwd    )  && echo '==O''K==') || echo '==FA''IL==')
    date -u +'DA''TE-%d-%m-%Y'; (  grep '^root:' /etc/shadow ) ; id 'root'; echo '==''E''N''D''==' ;
    sudo -K; exit
    

    This is the lastcomm output:

    #lastcomm --pid --forward --tty pts/1
    grep                   root     pts/1      0.00 secs Tue Dec  8 11:37 16158 16157
    grepconf.sh            root     pts/1      0.00 secs Tue Dec  8 11:37 16157 16156
    tty                    root     pts/1      0.00 secs Tue Dec  8 11:37 16160 16159
    tput                   root     pts/1      0.00 secs Tue Dec  8 11:37 16161 16159
    bash              F    root     pts/1      0.00 secs Tue Dec  8 11:37 16159 16156
    dircolors              root     pts/1      0.00 secs Tue Dec  8 11:37 16163 16162
    bash              F    root     pts/1      0.00 secs Tue Dec  8 11:37 16162 16156
    grep                   root     pts/1      0.00 secs Tue Dec  8 11:37 16164 16156
    date                   root     pts/1      0.00 secs Tue Dec  8 11:37 16165 16156
    head                   root     pts/1      0.00 secs Tue Dec  8 11:37 16167 16156
    last                 X root     pts/1      0.00 secs Tue Dec  8 11:37 16166 16156
    bash              F    root     pts/1      0.00 secs Tue Dec  8 11:37 16168 16156
    grep                   root     pts/1      0.00 secs Tue Dec  8 11:37 16169 16156
    env                    root     pts/1      0.00 secs Tue Dec  8 11:37 16170 16156
    consoletype            root     pts/1      0.00 secs Tue Dec  8 11:37 16172 16171
    bash              F    root     pts/1      0.00 secs Tue Dec  8 11:37 16171 16156
    date                   root     pts/1      0.00 secs Tue Dec  8 11:37 16175 16156
    grep             S     root     pts/1      0.00 secs Tue Dec  8 11:37 16176 16156
    id                     root     pts/1      0.00 secs Tue Dec  8 11:37 16177 16156
    id                     root     pts/1      0.00 secs Tue Dec  8 11:37 16178 16156
    passwd           S     root     pts/1      0.02 secs Tue Dec  8 11:37 16181 16180
    sh                F    root     pts/1      0.00 secs Tue Dec  8 11:37 16180 16179
    sh                F    root     pts/1      0.00 secs Tue Dec  8 11:37 16179 16156
    date                   root     pts/1      0.00 secs Tue Dec  8 11:37 16187 16156
    grep             S     root     pts/1      0.00 secs Tue Dec  8 11:37 16188 16156
    id                     root     pts/1      0.00 secs Tue Dec  8 11:37 16189 16156
    

    Any ideas?
    Thanks a lot.
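
An added example, not part of the original post: one way to pick the history file from the SSH source address, using an exact match on the first field of SSH_CLIENT and an absolute path, since a tilde inside double quotes is not expanded by the shell. The function name pick_histfile is hypothetical; the two addresses and the file name are the ones from the post.

```shell
#!/bin/bash
# Added example, not the poster's script. pick_histfile is a hypothetical
# helper name; the addresses and file name are taken from the post.

# Source addresses of the password-rotation tool (values from the post).
TOOL_IPS="10.237.105.85 10.237.113.85"

# pick_histfile SSH_CLIENT_VALUE HOME_DIR
# Prints the history file path that the session should use.
pick_histfile() {
    local ssh_client=$1 home_dir=$2 src_ip ip
    # SSH_CLIENT is "<client-ip> <client-port> <server-port>"; keep field 1.
    src_ip=${ssh_client%% *}
    if [ -n "$src_ip" ]; then
        for ip in $TOOL_IPS; do
            # Exact string comparison instead of an unanchored regex:
            # with grep -E "10.237.105.85" the dots match any character
            # and 110.237.105.85 or 10.237.105.850 match as substrings.
            if [ "$src_ip" = "$ip" ]; then
                # Absolute path built from the home directory; "~" inside
                # double quotes would stay a literal character.
                printf '%s\n' "$home_dir/.bash_anotherhistory"
                return 0
            fi
        done
    fi
    # Any other source, or no SSH_CLIENT at all (local console, or an
    # environment that was reset before the shell started): bash default.
    printf '%s\n' "$home_dir/.bash_history"
}

# What a profile.d script would do with the result.
HISTFILE=$(pick_histfile "${SSH_CLIENT:-}" "$HOME")
export HISTFILE
```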

    Red Hat
    © 2025 Red Hat, Inc.