05-31-2002
This depends on several factors...
First most modern shells can optionally keep a history file. Users can use the the history file to record their commands and repeat previous commands, etc. Users can also decline to keep a history file.
Most (perhaps all?) version of unix have systemwide accounting. But accounting was developed in an era when users paid for cpu seconds. It's pretty good at recording cpu time used by each user. And it can produce produce a list of commands that each user ran. But the info is limited and can be easily fooled. It was never intended for security.
Some versions of unix have what are called C2 security features. Few of them have actually obtained a C2 rating from the US Dept of Defense, but they have the features that DOD would look for. HP-UX is in this category. It can record each system call executed by each user. And you can specify various levels of logging for various users. This type of logging can be very detailed and on a properly admin'ed system cannot be fooled by a non-root user.
Note that both accounting and c2 security logging can require considerable resources including lots of disk space. For this reason, they are rarely used.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi
What is the cvs command for getting the diff between the checkin log and tag log.
i am trying
cvs rdiff -s -r <branch Tag> -r <branch> <module>
but it is not giving me the files that were not tagged.
I think it is doing a diff for common files in head and tag.
Please help
... (0 Replies)
Discussion started by: rakeshou
0 Replies
2. Emergency UNIX and Linux Support
Hello All, On my SuSE system, I have wtmp log this log file permission is 644 but every reboot the file permission rollback to 664. In the logrotate.conf and logrotate.d/wtmp files the wtmp logrotate set to 644. I would like to know, which "file" or "script" modify the wtmp log to rollback to... (7 Replies)
Discussion started by: kalaso
7 Replies
3. Shell Programming and Scripting
I've been finding myself using a log file colorizer written in perl to reformat and colorize the output from many different programs. Mainly, however, I use it to make the output from "tail -f" commands more readable.
The base perl script I use is based on "colorlogs.pl" available from the... (1 Reply)
Discussion started by: rcsteiner
1 Replies
4. Shell Programming and Scripting
How can view log messages between two time frame from /var/log/message or any type of log files.
when logfiles are very big and especially many messages with in few minutes, I would like to display log messages between 5 minute interval.
Could you pls give me the command? (1 Reply)
Discussion started by: johnveslin
1 Replies
5. HP-UX
AM in need of some plugin/script that can monitor HP-UX file "/var/opt/resmon/log/event.log" .
Have written a scrip in sh shell that is working fine for syslog.log and mail.log as having standard format, have interrogated that to Nagios and is working as I required .
But same script failed to... (3 Replies)
Discussion started by: Shirishlnx
3 Replies
6. Shell Programming and Scripting
is there a way to efficiently monitor logfiles that do not have a date or time format? i have several logs on several different servers that need to be monitored. but i realized writing a script for this would be very complex and time consuming giving the variety of things i need to check for i.e.... (2 Replies)
Discussion started by: SkySmart
2 Replies
7. Shell Programming and Scripting
How to check log size every 10min. by script (can use crontab)
if log size not change with alert "Log not update"
Base run on SunOS 5.8 Generic_Virtual sun4u sparc SUNW,SPARC-Enterprise
logFiles="log1.log log2.log"
logLocation="/usr/home/test/log/"
Out put.
Tue Jan 31... (3 Replies)
Discussion started by: ooilinlove
3 Replies
8. Shell Programming and Scripting
Hi ,
We have around 22 logs , each has different entries. I have to automate this using shell script. The ideas which am sharing is given below
1) We use only TAIL -100 <location and name of the log> Command to check the logs.
2) We want to check whether the log was updated before 24... (13 Replies)
Discussion started by: Kalaihari
13 Replies
9. Web Development
Apache Web Server:
how to log http 404 error to a separate log file and i do not want to log in access.log
please advice. (2 Replies)
Discussion started by: raghur77
2 Replies
10. Shell Programming and Scripting
Below is my script to log all the command input by any user to /var/log/messages. But I cant achieve the desired output that i want. PLease see below.
function log2syslog
{
declare COMMAND
COMMAND=$(fc -ln -0)
logger -p local1.notice -t bash -i -- "$USER:$COMMAND"
}
trap... (12 Replies)
Discussion started by: invinzin21
12 Replies
LEARN ABOUT SUSE
lastcomm
lastcomm(1) User Commands lastcomm(1)
NAME
lastcomm - display the last commands executed, in reverse order
SYNOPSIS
lastcomm [-f file] [-x] [command-name] ... [user-name] ... [terminal-name] ...
DESCRIPTION
The lastcomm command gives information on previously executed commands. lastcomm with no arguments displays information about all the com-
mands recorded during the current accounting file's lifetime. If called with arguments, lastcomm only displays accounting entries with a
matching command-name, user-name, or terminal-name. If extended process accounting is active (see acctadm(1M)) and is recording the appro-
priate data items, lastcomm attempts to take data from the current extended process accounting file. If standard process accounting is
active, lastcomm takes data from the current standard accounting file (see acct(2)).
If terminal-name is `- -', there was no controlling TTY for the process. The process was probably executed during boot time. If terminal-
name is `??', the controlling TTY could not be decoded into a printable name.
For each process entry, lastcomm displays the following items of information:
o The command name under which the process was called.
o One or more flags indicating special information about the process. The flags have the following meanings:
F The process performed a fork but not an exec.
S The process ran as a set-user-id program.
o The name of the user who ran the process.
o The terminal which the user was logged in on at the time (if applicable).
o The amount of CPU time used by the process (in seconds).
o The date and time the process exited.
OPTIONS
The following options are supported:
-f file Uses file as the source of accounting data. file may be either an extended process accounting file or a standard process
accounting file.
-x Uses the currently active extended process accounting file. If extended processing accounting is inactive, no output will
be produced.
EXAMPLES
Example 1: Listing executions of named commands
The command
example% lastcomm a.out root term/01
produces a listing of all the executions of commands named a.out by user root while using the terminal term/01.
Example 2: Listing all user commands
The command
example% lastcomm root
produces a listing of all the commands executed by user root.
FILES
/var/adm/pacct standard accounting file
/var/adm/exacct/proc extended accounting file
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWesu |
+-----------------------------+-----------------------------+
SEE ALSO
last(1), acctadm(1M), acct(2), acct.h(3HEAD), sigvec(3UCB), core(4), attributes(5)
SunOS 5.10 10 Jan 2000 lastcomm(1)