Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

Track user commands

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Track user commands
# 1  
Old 11-18-2009
Power Track user commands
Hi,
I have a unix server and I am concerned about the security on that server.
I would like to be able to write a script that records all the commands that were typed at the command prompt before the user calls the 'history -c' command and deletes all the history.
I was thinking about firing or triggering that bacth script upon the call to history. Is this doable and if not are there any other alternatives?

Thanks --
# 2  
Old 11-18-2009
Use "fc -l" to show a history of the last commands.
# 3  
Old 11-19-2009
how to retrieve history
Thanks for your reply,

but the fc -l command works similarly to the history command.
once someone runs history -c, all the entries in the history file are deleted. This is why I need to write my own history script that runs in the background, or an easier solution would be to run a script that saves the entries in the history file in another file before erasing the history file.
Writing the script is trivial, what is not trivial to me is triggering the script when the history -c command is run.

Anyone has an idea how to do that ?
# 4  
Old 11-19-2009
Well from my knowledge there is no #history command. it is an alias to #fc command.
Solutions to your problem
create an entry in crontab. which backsup the history file every few minutes or everytime the history file is updated.
# 5  
Old 11-19-2009
Hi.

On some versions of Linux and Solaris (possibly old Solaris versions), a process accounting scheme can be made available. I know that I once used this mechanism on Sun boxes to tabulate command usage ... cheers, drl
Code:
       If  the  kernel  is  built with the process accounting option enabled (
       CONFIG_BSD_PROCESS_ACCT ), then calling acct(2) starts process account-
       ing, for example:

           acct("/var/log/pacct");

       When  process  accounting is enabled, the kernel writes a record to the
       accounting file as each process on the system terminates.

more in chapters 2 and 5 man acct

# 6  
Old 11-24-2009
saving history
Have you experimented with altering the fc command ?
# 7  
Old 11-26-2009
I wrote the following script that executes every minute:

export LOGNAME PATH
shopt -s histappend
PROMPT_COMMAND='history -a'

d=`date +%y_%m_%d%H%M%S`
#RECFILE=/root/.sessionlog/${LOGNAME}_$d
RECFILE=/root/.sessionlog/${LOGNAME}

echo "***************">> $RECFILE
echo $d >> $RECFILE
history >> $RECFILE

This copies the history log to a file and I scheduled this script to run every minute.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Need to track what Commands run in a login session

Hi I need to track what commands run in login session in solaris whether it is root or any normal users in bash shell. My actual requirement is that when a user (nomal/root) login into the system, whatever commands he run, it should log into file on specified path . I don't require command... (4 Replies)
Discussion started by: hb00
4 Replies

2. UNIX for Advanced & Expert Users

Track activity of a user

Hi All We have a job which writes files to a server at a particular time. The files will be created by a particular user ID Today, during the execution of the job, it created a file to the server and the file sat on the server for sometime, but was deleted immediately at the end of the... (4 Replies)
Discussion started by: sparks
4 Replies

3. UNIX for Dummies Questions & Answers

How to track user activity?

Hi All Please can you help me with the following issue: A certain vendor installed an application in which for a user to log in; the user must use a user created/predefined by the application. And because this application has more than one user its difficult to track who did what and when,... (6 Replies)
Discussion started by: fretagi
6 Replies

4. AIX

track commands run as root after sudo

I'm looking for a way to track commands that are run as root after a user runs sudo su - root. I have a profile set up for root that will track the commands by userid but if we change the shell it only stores it in that shells history file. (2 Replies)
Discussion started by: toor13
2 Replies

5. Homework & Coursework Questions

Track user log!

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: The task is to measure the density of users that are logged on system. The program should check that every 30... (7 Replies)
Discussion started by: petel1
7 Replies

6. UNIX for Dummies Questions & Answers

Track user

Hi, i suddenly realized that a directory is deleted unfortunately there are many user have pervilages on this directory is there a way to track the user who delete this directory or atleast from now can i enable something so that i can track from now I think there is way from... (2 Replies)
Discussion started by: crackgeek
2 Replies

7. Shell Programming and Scripting

keep track of every user

dear all , I m new to shell programming and I need your help. Actually i want to keep track of all the commands executed in a bash prompt of users , very much in same manner as it is displayed when we run "history" command. now the users are smart enough as they delete their history by... (6 Replies)
Discussion started by: xander
6 Replies

8. UNIX for Dummies Questions & Answers

Possible to track FTP user last login? Last and Finger don't track them.

Like the topic says, does anyone know if it is possible to check to see when an FTP only user has logged in? Because the shell is /bin/false and they are only using FTP to access the system doing a "finger" or "last" it says they have never logged in. Is there a way to see when ftp users log in... (1 Reply)
Discussion started by: LordJezo
1 Replies

9. UNIX for Advanced & Expert Users

Track user activity --pls help

hi I want to know how to save all the command used by all the used under a particular root with the time stamp in a file. Eg: User Name: UX10 Time: 10:56 Command: LS User Name: UX23 Time: 10:59 Command: MORE abc.txt -Anand (2 Replies)
Discussion started by: anandtharani
2 Replies

10. Programming

keep track of the last 10 commands the user typed

Can I do it like this? if (strcmp(argv, "history")==0) { argv = "10"; execvp(argc,argv); } actually, it doesn't work, How can I modify it? Thanks (17 Replies)
Discussion started by: zhshqzyc
17 Replies
Login or Register to Ask a Question