Thank you very much for your kind response. I saw with lastcomm and sa commands. It is giving only commands but not full details. For example if any file is viewed by cat or tail commands it will show only as "cat and tail" with pts entries but it is not showing that which file is viewed by tail or cat commands. For example if /tmp/testing file is edited with vi command then the history command will show the full details as
2008 sa | less
2009 vi /tmp/testingg
2010 lastcomm | grep pts | less
But lastcomm command shows as
vi root pts/4 0.03 secs Thu Nov 10 23:24
less root pts/4 0.00 secs Thu Nov 10 23:24
lastcomm root pts/4 0.00 secs Thu Nov 10 23:24
lastb root pts/4 0.00 secs Thu Nov 10 23:24
lastlog root pts/4 0.00 secs Thu Nov 10 23:24
last S root pts/4 0.00 secs Thu Nov 10 23:23
vi root pts/4 0.02 secs Thu Nov 10 23:23
ls root pts/4 0.00 secs Thu Nov 10 23:23
date root pts/4 0.00 secs Thu Nov 10 23:23
whoami root pts/4 0.00 secs Thu Nov 10 23:23
sa command shows as
651 265.22re 0.05cp 0avio 1190k
26 56.62re 0.03cp 0avio 1535k ***other*
2 0.12re 0.01cp 0avio 48144k gnome-screensho
2 0.10re 0.00cp 0avio 51208k gnome-screensho*
7 0.00re 0.00cp 0avio 1666k troff
4 0.18re 0.00cp 0avio 1711k vi
5 0.01re 0.00cp 0avio 1344k dpkg
4 50.51re 0.00cp 0avio 0k kworker/0:0*
So please help me how to find the running/recent commands of other TTYs with full details(i.e commands including path if any)?
I need the details as same as history about the commands which are ran/running in other TTYs.
Originally Posted by sinuhe
You want to use process accounting (e.g. lastcomm, sa). If that is too basic, fine grained details can be filtered with kernel auditing.
Shell history is a usability feature, not security.