11-18-2009
Track user commands
Hi,
I have a unix server and I am concerned about the security on that server.
I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history.
I was thinking about firing or triggering that bacth script upon the call to history. Is this doable and if not are there any other alternatives?
Thanks --
10 More Discussions You Might Find Interesting
1. Programming
Can I do it like this?
if (strcmp(argv, "history")==0)
{
argv = "10";
execvp(argc,argv);
}
actually, it doesn't work,
How can I modify it?
Thanks (17 Replies)
Discussion started by: zhshqzyc
17 Replies
2. UNIX for Advanced & Expert Users
hi
I want to know how to save all the command used by all the used under a particular root with the time stamp in a file.
Eg:
User Name: UX10
Time: 10:56
Command: LS
User Name: UX23
Time: 10:59
Command: MORE abc.txt
-Anand (2 Replies)
Discussion started by: anandtharani
2 Replies
3. UNIX for Dummies Questions & Answers
Like the topic says, does anyone know if it is possible to check to see when an FTP only user has logged in? Because the shell is /bin/false and they are only using FTP to access the system doing a "finger" or "last" it says they have never logged in.
Is there a way to see when ftp users log in... (1 Reply)
Discussion started by: LordJezo
1 Replies
4. Shell Programming and Scripting
dear all ,
I m new to shell programming and I need your help.
Actually i want to keep track of all the commands executed in a bash prompt of users ,
very much in same manner as it is displayed when we run "history" command.
now the users are smart enough as they delete their history by... (6 Replies)
Discussion started by: xander
6 Replies
5. UNIX for Dummies Questions & Answers
Hi, i suddenly realized that a directory is deleted unfortunately there are many user have pervilages on this directory
is there a way to track the user who delete this directory
or atleast from now can i enable something so that i can track from now
I think there is way from... (2 Replies)
Discussion started by: crackgeek
2 Replies
6. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
The task is to measure the density of users that are logged on system. The program
should check that every 30... (7 Replies)
Discussion started by: petel1
7 Replies
7. AIX
I'm looking for a way to track commands that are run as root after a user runs sudo su - root. I have a profile set up for root that will track the commands by userid but if we change the shell it only stores it in that shells history file. (2 Replies)
Discussion started by: toor13
2 Replies
8. UNIX for Dummies Questions & Answers
Hi All
Please can you help me with the following issue:
A certain vendor installed an application in which for a user to log in; the user must use a user created/predefined by the application. And because this application has more than one user its difficult to track who did what and when,... (6 Replies)
Discussion started by: fretagi
6 Replies
9. UNIX for Advanced & Expert Users
Hi All
We have a job which writes files to a server at a particular time. The files will be created by a particular user ID
Today, during the execution of the job, it created a file to the server and the file sat on the server for sometime, but was deleted immediately at the end of the... (4 Replies)
Discussion started by: sparks
4 Replies
10. Shell Programming and Scripting
Hi
I need to track what commands run in login session in solaris whether it is root or any normal users in bash shell.
My actual requirement is that when a user (nomal/root) login into the system, whatever commands he run, it should log into file on specified path . I don't require command... (4 Replies)
Discussion started by: hb00
4 Replies
LEARN ABOUT MOJAVE
history
history(n) Tcl Built-In Commands history(n)
__________________________________________________________________________________________________________________________________________________
NAME
history - Manipulate the history list
SYNOPSIS
history ?option? ?arg arg ...?
_________________________________________________________________
DESCRIPTION
The history command performs one of several operations related to recently-executed commands recorded in a history list. Each of these
recorded commands is referred to as an "event". When specifying an event to the history command, the following forms may be used:
[1] A number: if positive, it refers to the event with that number (all events are numbered starting at 1). If the number is negative,
it selects an event relative to the current event (-1 refers to the previous event, -2 to the one before that, and so on). Event 0
refers to the current event.
[2] A string: selects the most recent event that matches the string. An event is considered to match the string either if the string
is the same as the first characters of the event, or if the string matches the event in the sense of the string match command.
The history command can take any of the following forms:
history
Same as history info, described below.
history add command ?exec?
Adds the command argument to the history list as a new event. If exec is specified (or abbreviated) then the command is also exe-
cuted and its result is returned. If exec is not specified then an empty string is returned as result.
history change newValue ?event?
Replaces the value recorded for an event with newValue. Event specifies the event to replace, and defaults to the current event
(not event -1). This command is intended for use in commands that implement new forms of history substitution and wish to replace
the current event (which invokes the substitution) with the command created through substitution. The return value is an empty
string.
history clear
Erase the history list. The current keep limit is retained. The history event numbers are reset.
history event ?event?
Returns the value of the event given by event. Event defaults to -1.
history info ?count?
Returns a formatted string (intended for humans to read) giving the event number and contents for each of the events in the history
list except the current event. If count is specified then only the most recent count events are returned.
history keep ?count?
This command may be used to change the size of the history list to count events. Initially, 20 events are retained in the history
list. If count is not specified, the current keep limit is returned.
history nextid
Returns the number of the next event to be recorded in the history list. It is useful for things like printing the event number in
command-line prompts.
history redo ?event?
Re-executes the command indicated by event and returns its result. Event defaults to -1. This command results in history revision:
see below for details.
HISTORY REVISION
Pre-8.0 Tcl had a complex history revision mechanism. The current mechanism is more limited, and the old history operations substitute and
words have been removed. (As a consolation, the clear operation was added.)
The history option redo results in much simpler "history revision". When this option is invoked then the most recent event is modified to
eliminate the history command and replace it with the result of the history command. If you want to redo an event without modifying his-
tory, then use the event operation to retrieve some event, and the add operation to add it to history and execute it.
KEYWORDS
event, history, record
Tcl history(n)