

Need to see what other Root users are doing while logged in to terminal


# 1  
Old 10-22-2010

I have a server where I need to monitor the .bash_history file for the root user already logged in to the server.

I am logged in as root and have another person logged on as root, and I want to monitor what they are doing:


root ? :0 2010-10-19 11:54
root + pts/1 2010-10-22 02:27 (192.168.170.1)
root + pts/2 2010-10-19 11:59 (:0.0)
root + pts/3 2010-10-22 03:41 (192.168.170.1)

I am using pts/1 and the other person is using pts/3. I want to see what they are doing and need to know how to do this without scripting something to monitor activity.

Thanks.
# 2  
Old 10-22-2010
First, here's hoping your hat is white!

Every terminal shell writes to .*sh_history independently, and if two are active at once, the file may not show all the commands of both. You might set up the .bashrc so every login gets a fresh history file named with date-time, tty and pid. And even then, anything they put in a script is not recorded, nor if they move over to a ksh/csh/tcsh/sh shell, or cat -u|bash to simulate a script. Finally, these files roll over at $HISTSIZE.

First, you want to not use the shell or history file they are using, so you do not mix your history.

You can truss/tusc their bash pid and see all too much detail, if you have it or something similar. These commands give you all kernel calls, even if the app is already running and you do not have the source.

There may be network or terminal ways to watch their interactions.

Man Page for bash (Linux Section 0) - The UNIX and Linux Forums
Code:
       HISTCONTROL
	      A colon-separated list of values controlling  how  commands  are
	      saved  on  the  history  list.   If  the list of values includes
	      ignorespace, lines which begin with a space  character  are  not
	      saved  in  the history list.  A value of ignoredups causes lines
	      matching the previous history entry to not be saved.  A value of
	      ignoreboth is shorthand for ignorespace and ignoredups.  A value
	      of erasedups causes all previous lines matching the current line
	      to  be  removed from the history list before that line is saved.
	      Any value not in the above list is ignored.  If  HISTCONTROL  is
	      unset,  or does not include a valid value, all lines read by the
	      shell parser are saved on the history list, subject to the value
	      of  HISTIGNORE.  The second and subsequent lines of a multi-line
	      compound command are not tested, and are added  to  the  history
	      regardless of the value of HISTCONTROL.
       HISTFILE
	      The name of the file in which command history is saved (see HIS-
	      TORY below).  The default value is ~/.bash_history.   If	unset,
	      the  command  history  is  not  saved  when an interactive shell
	      exits.
       HISTFILESIZE
	      The maximum number of lines contained in the history file.  When
	      this  variable  is  assigned  a value, the history file is trun-
	      cated, if necessary, by removing the oldest entries, to  contain
	      no  more	than  that number of lines.  The default value is 500.
	      The history file is also truncated to this size after writing it
	      when an interactive shell exits.
       HISTIGNORE
	      A  colon-separated list of patterns used to decide which command
	      lines should be saved on the  history  list.   Each  pattern  is
	      anchored	at  the  beginning of the line and must match the com-
	      plete line (no implicit  `*'  is	appended).   Each  pattern  is
	      tested  against  the line after the checks specified by HISTCON-
	      TROL are applied.  In  addition  to  the	normal	shell  pattern
	      matching characters, `&' matches the previous history line.  `&'
	      may be escaped using  a  backslash;  the	backslash  is  removed
	      before attempting a match.  The second and subsequent lines of a
	      multi-line compound command are not tested, and are added to the
	      history regardless of the value of HISTIGNORE.
       HISTSIZE
	      The  number  of commands to remember in the command history (see
	      HISTORY below).  The default value is 500.
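
One way to set up the per-login history file suggested in the reply above, as an added example that is not part of the original thread; the directory `~/.history.d` and the function names are assumptions:

```bash
# Added example for ~/.bashrc; AUDIT_HIST_DIR is a hypothetical location.
AUDIT_HIST_DIR="${AUDIT_HIST_DIR:-$HOME/.history.d}"

# Build a per-session file name from date-time, tty and shell pid.
# $1 = directory, $2 = timestamp, $3 = tty path, $4 = pid
session_histfile() {
    local tty_tag
    # /dev/pts/3 -> pts_3, so the tty is safe to use inside a file name
    tty_tag=$(printf '%s' "$3" | sed -e 's|^/dev/||' -e 's|[^A-Za-z0-9]|_|g')
    [ -n "$tty_tag" ] || tty_tag=notty
    printf '%s/%s.%s.%s\n' "$1" "$2" "$tty_tag" "$4"
}

enable_session_history() {
    mkdir -p "$AUDIT_HIST_DIR" && chmod 700 "$AUDIT_HIST_DIR" || return 1
    HISTFILE=$(session_histfile "$AUDIT_HIST_DIR" \
        "$(date +%Y%m%d-%H%M%S)" "$(tty 2>/dev/null)" "$$")
    export HISTFILE
    HISTTIMEFORMAT='%F %T '   # record a timestamp with every entry
    HISTCONTROL=              # no valid value: all lines are saved
    HISTIGNORE=               # no patterns excluded
    HISTSIZE=100000           # push roll-over far beyond the default 500
    HISTFILESIZE=100000
    shopt -s histappend
    # Append each command when the prompt returns, not only at shell exit,
    # so two concurrent sessions never overwrite each other's record.
    PROMPT_COMMAND="history -a${PROMPT_COMMAND:+; $PROMPT_COMMAND}"
}

# Only interactive bash sessions keep a history list.
case "$-" in
    *i*) [ -n "$BASH_VERSION" ] && enable_session_history ;;
esac
```

These variables stay under the logged-in user's control, so the result is a convenience record rather than a tamper-proof audit trail.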

