LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-10-2011, 10:10 AM   #1
loveulinux
Member
 
Registered: Aug 2011
Posts: 68

Rep: Reputation: Disabled
History command


Hi..All,
Today I gave ssh access to one of the vendor to setup Firewall in our server. I ran history but it is showing only those commands which were ran by me. And not showing the vendor commands. Tomorrow also he is taking remote desktop through ssh. So could any body please guide me how to monitor the commands which will be running by him in the other TTYs.
 
Old 11-10-2011, 10:27 AM   #2
sinuhe
Member
 
Registered: Apr 2010
Location: Utah
Distribution: Slackware
Posts: 42

Rep: Reputation: 4
psacct

You want to use process accounting (e.g. lastcomm, sa). If that is too basic, fine grained details can be filtered with kernel auditing.

Shell history is a usability feature, not security.
 
1 members found this post helpful.
Old 11-10-2011, 12:01 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893
See this, this and that to point out just a few posts.
 
Old 11-10-2011, 12:09 PM   #4
loveulinux
Member
 
Registered: Aug 2011
Posts: 68

Original Poster
Rep: Reputation: Disabled
History command

Thank you very much for your kind response. I saw with lastcomm and sa commands. It is giving only commands but not full details. For example if any file is viewed by cat or tail commands it will show only as "cat and tail" with pts entries but it is not showing that which file is viewed by tail or cat commands. For example if /tmp/testing file is edited with vi command then the history command will show the full details as
Quote:
2007 sa
2008 sa | less
2009 vi /tmp/testingg
2010 lastcomm | grep pts | less
2011 history
But lastcomm command shows as
Quote:
vi root pts/4 0.03 secs Thu Nov 10 23:24
less root pts/4 0.00 secs Thu Nov 10 23:24
lastcomm root pts/4 0.00 secs Thu Nov 10 23:24
lastb root pts/4 0.00 secs Thu Nov 10 23:24
lastlog root pts/4 0.00 secs Thu Nov 10 23:24
last S root pts/4 0.00 secs Thu Nov 10 23:23
vi root pts/4 0.02 secs Thu Nov 10 23:23
ls root pts/4 0.00 secs Thu Nov 10 23:23
date root pts/4 0.00 secs Thu Nov 10 23:23
whoami root pts/4 0.00 secs Thu Nov 10 23:23
sa command shows as
Quote:
651 265.22re 0.05cp 0avio 1190k
26 56.62re 0.03cp 0avio 1535k ***other*
2 0.12re 0.01cp 0avio 48144k gnome-screensho
2 0.10re 0.00cp 0avio 51208k gnome-screensho*
7 0.00re 0.00cp 0avio 1666k troff
4 0.18re 0.00cp 0avio 1711k vi
5 0.01re 0.00cp 0avio 1344k dpkg
4 50.51re 0.00cp 0avio 0k kworker/0:0*
So please help me how to find the running/recent commands of other TTYs with full details(i.e commands including path if any)?
I need the details as same as history about the commands which are ran/running in other TTYs.



Quote:
Originally Posted by sinuhe View Post
You want to use process accounting (e.g. lastcomm, sa). If that is too basic, fine grained details can be filtered with kernel auditing.

Shell history is a usability feature, not security.
 
Old 11-10-2011, 12:28 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893
Quote:
Originally Posted by loveulinux View Post
please help me how to find the running/recent commands of other TTYs with full details
With Linux that's very simple because it doesn't come with extensive logging enabled out of the box. So if it wasn't configured for that beforehand there'll be no details logged. My previous post shows you ways to get more logging done but you'll have to read a bit.
 
Old 11-10-2011, 03:58 PM   #6
kbscores
Member
 
Registered: Oct 2011
Location: USA
Distribution: Red Hat
Posts: 259
Blog Entries: 9

Rep: Reputation: 32
If you use script command it will actually log all commands and output into a file called typescript. It launches a new shell so to exit out of it you'd just type exit or ctrl+d. -- the vendor would have to type it when they enter into box or type it before passing window to them.

If you are an sa with root access - you could su to their account and use history command.

Last edited by kbscores; 11-10-2011 at 04:00 PM.
 
Old 11-10-2011, 04:33 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893
Quote:
Originally Posted by kbscores View Post
If you use script command it will actually log all commands and output into a file called typescript. (..) If you are an sa with root access - you could su to their account and use history command.
If you actually would have read this post of mine maybe you would have understood the limited value of what you just suggested.
 
1 members found this post helpful.
Old 11-10-2011, 07:58 PM   #8
loveulinux
Member
 
Registered: Aug 2011
Posts: 68

Original Poster
Rep: Reputation: Disabled
History command

Thanks unSpawn,
I let you know after reading the provided links if I found any difficulties. Thank you very much.

Quote:
Originally Posted by unSpawn View Post
If you actually would have read this post of mine maybe you would have understood the limited value of what you just suggested.
 
Old 11-14-2011, 11:19 AM   #9
kbscores
Member
 
Registered: Oct 2011
Location: USA
Distribution: Red Hat
Posts: 259
Blog Entries: 9

Rep: Reputation: 32
thank you for your auditing expertise unspawn.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
history command in hp ux abhijeetdutta Other *NIX 8 05-22-2014 02:10 PM
[SOLVED] Is there any command to delete bash command history? cola Linux - Newbie 4 06-01-2010 07:32 AM
URGENT! Is there any command to get a history command lines and time in SUSE Linux.? igsoper Linux - Software 5 06-25-2009 02:14 AM
History command amer_58 Linux - General 5 06-24-2005 12:26 PM
Command history? King4lex Linux - Newbie 4 09-03-2004 08:35 PM


All times are GMT -5. The time now is 07:47 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration