02-10-2008
If your running the
acct packages there your good to go for doing just that, that gives you quite a bit extra commands like lastcomm and what not to show command history and more.
Though most intrusions avoid utmp/wtmp pretty handedly
8 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi All,
Whenever I log in to my terminal and execute some cmds and then I type "history", I get the list of all the commands that I have executed.
I want to know where is the history been stored (any path location ?)
Secondly,if I want to delete the history or some part of the history, can... (9 Replies)
Discussion started by: shubhranshu
9 Replies
2. UNIX for Advanced & Expert Users
Team ,
using fc command we can get details of our history file .. Is it possible to get the same result for different user from root.. Actually I need to collect all the stuff from select users history file for day to day basis.
thanks in advance .. (2 Replies)
Discussion started by: rgpai9972
2 Replies
3. UNIX for Dummies Questions & Answers
How do I pipe serveral commans that will list only the user ids, sort the output, and remove any duplice name entries for those that have logged in in the past month? Thanks! (1 Reply)
Discussion started by: CasperQuiet
1 Replies
4. Shell Programming and Scripting
Hi,
I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history?
thank you,
S (4 Replies)
Discussion started by: sardare
4 Replies
5. Solaris
Hi
We are sharing our envoirnment with our component teams. the plateform is SunOS 5.8 Generic_117350-41 sun4u sparc SUNW,Sun-Fire-V490.
All team logs in the domain with same user and perform activities.
Now for the system auditing purpose can somebody guide me how can I get the details when... (6 Replies)
Discussion started by: sukhvinder_Tm
6 Replies
6. UNIX for Advanced & Expert Users
Hi all,
My need is :
1. To know who , when , which command used.
2. Local user should not delete this information.
I mean , with an example , i can say
i have a user user1
i need to give all the following permissions to user1, :
a. A specific directory other than his home... (3 Replies)
Discussion started by: linuxadmin
3 Replies
7. Shell Programming and Scripting
Is it possible to find out the history of recently typed in commands of a particular user in a multi user system?
the history command expects a numeric argument with it. is it possible to find out the history o commands of a particular user say John_smith for example? (2 Replies)
Discussion started by: arindamlive
2 Replies
8. UNIX for Dummies Questions & Answers
Hi all,
My need is :
1. To know who , when , which command used.
2. Local user should not delete this information.
I mean , with an example , i can say
i have a user user1
i need to give all the following permissions to user1, :
a. A specific directory other than his home... (1 Reply)
Discussion started by: sriky86
1 Replies
LASTCOMM(1) BSD General Commands Manual LASTCOMM(1)
NAME
lastcomm -- show last commands executed in reverse order
SYNOPSIS
lastcomm [-f file] [command ...] [user ...] [terminal ...]
DESCRIPTION
lastcomm gives information on previously executed commands. With no arguments, lastcomm prints information about all the commands recorded
during the current accounting file's lifetime.
Option:
-f file Read from file rather than the default accounting file.
If called with arguments, only accounting entries with a matching command name, user name, or terminal name are printed. So, for example:
lastcomm a.out root ttyd0
would produce a listing of all the executions of commands named a.out by user root on the terminal ttyd0.
For each process entry, the following are printed.
o The name of the user who ran the process.
o Flags, as accumulated by the accounting facilities in the system.
o The command name under which the process was called.
o The amount of cpu time used by the process (in seconds).
o The time the process started.
o The elapsed time of the process.
The flags are encoded as follows: ``S'' indicates the command was executed by the super-user, ``F'' indicates the command ran after a fork,
but without a following exec(3), ``C'' indicates the command was run in PDP-11 compatibility mode (VAX only), ``D'' indicates the command
terminated with the generation of a core file, and ``X'' indicates the command was terminated with a signal.
FILES
/var/account/acct Default accounting file.
SEE ALSO
last(1), sigaction(2), acct(5), core(5)
HISTORY
The lastcomm command appeared in 3.0BSD.
BSD
December 22, 2006 BSD