Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Can any body give me some idea about how to track what are the activities done by the each user on particuler date.
Let me clear what I want
1] the
Code:
last
command displays a list of all
users logged in (and out) and other info like system start and shutdown.
Now using this info I come to know that on particuler day which user has logged on to the system.
2] Using this info I want ,what activities he/she has done on that day ?
.bash_history file in the home directory of each user gives a good info about which command he/she has run in the past but dont give any idea about the date.
If you're using bash 3.x and have HISTTIMEFORMAT set
you would be able to get time-stamps. If your bash is a)
older or b) you didn't set it there's no way of finding out
what was done when.
lemme just jump in here out of curiosity, I have bash over 3.0 and was wondering, what do I need to shove to the variable? Just 1, or the actual time format? Would the format be a 'date +%blaablaa' sequence, or what?
obviously,but if suppose it is greater than 3.x then how to check for the HISTTIMEFORMAT
I have checked the SHELLOPTS variable it does not have such things
Dont want to miss a learning new thing
Again from original question, is there any way in KDE or GNOME to find such ,
Because windows have such facilty ( history,recent files,temp files etc. though it can be deleted by any one, but if in place gives a good information for the above topic.)
Originally posted by Artanicus lemme just jump in here out of curiosity, I have bash over 3.0 and was wondering, what do I need to shove to the variable? Just 1, or the actual time format? Would the format be a 'date +%blaablaa' sequence, or what?
Yep, it uses strftime strings ... a
man bash
/HISTTIMEFORMAT
would have answered that too, though ;}
Quote:
Originally posted by junaid18183
I have checked the SHELLOPTS variable it does not have such things
If you don't set it it's not there. If you want/need it, put
it in ~/.bashrc (~/.bash_logon) ...
Quote:
Originally posted by junaid18183
Because windows have such facilty ( history,recent files,temp files etc. though it can be deleted by any one, but if in place gives a good information for the above topic.)
find / -user <name> -ctime -<days-back> -ctime +<days-back-1>
should give you all files that are owned by that user and have been
modified <days-back> ago ...
Hmm..... I tried setting HISTTIMEFORMAT in .bashrc. But, didn't work as I expected.
If I set this in .bashrc, history always show time of user login, no matter when these commands are executed. I would like to get the actual time when user executed those commands.
--------------------------------------------------
[mohammed@41 ~]$ date
Thu Jan 31 21:11:37 IST 2008
[mohammed@41 ~]$ history | tail -2
1010 2008-Jan-31::21h:09m:52s date
1011 2008-Jan-31::21h:09m:52s history | tail -2
[mohammed@41 ~]$
[mohammed@41 ~]$ echo hello
hello
[mohammed@41 ~]$ echo hi
hi
[mohammed@41 ~]$ date
Thu Jan 31 21:12:01 IST 2008
[mohammed@41 ~]$ history | tail -6
1010 2008-Jan-31::21h:09m:52s date
1011 2008-Jan-31::21h:09m:52s history | tail -2
1012 2008-Jan-31::21h:09m:52s echo hello
1013 2008-Jan-31::21h:09m:52s echo hi
1014 2008-Jan-31::21h:09m:52s date
1015 2008-Jan-31::21h:09m:52s history | tail -6
--------------------------------------------------
Depending on default history setting is not always good. Commands you executed in the present console will be written to your history file (.bash_history by default) only when logout from that console. (Even though 'history' command will show you all commands you executed, it will be written to the file only when you logout). And I think, it wont be written if you just close the session or you are timed out from the session.
Also, what if you are logged into the same machine as same user from different consoles. How the commands will be written into the .bash_history file. I haven't checked this, but you can test it very easily.
So, what I am trying to do is, execute "history -a newhistfile" frequently within a script. This should write all commands executed in the present console to newhistfile. Unfortunately, this command is not working when I kept this in a script.
In short, what I want is to log all activities by every users.
The command "history -a testhist" will write all commands executed within present console to the file testhist. But, it is not working when I try it as a script. I also tried like "eval `history -a testhist`" and
"exec `history -a testhist`"......but no luck .
I think it's because, there is no binary associated with history and so it's not a recognized command. Actually, I don't how history works. Sometimes, answer to this questions may resolve everything
If it works, I can run the script periodically by inserting a timestamp.
At last I got 'history -a' command working within a script.
Here is what I did:
echo 'history -a .local_`date +%Y%b%d`' > hist
then added "source hist" into .bash_logout and that worked !!!.
Also, if you want to bring all these logfiles under root's ownership:
1. Either set a crontab under root to copy logfiles from all users.
2. Or write a setuid program which copies these logfiles into a file under root's ownership. Then run this at bash_logout.
Hmm..... I tried setting HISTTIMEFORMAT in .bashrc. But, didn't work as I expected.
If I set this in .bashrc, history always show time of user login, no matter when these commands are executed. I would like to get the actual time when user executed those commands.
--------------------------------------------------
[mohammed@41 ~]$ date
Thu Jan 31 21:11:37 IST 2008
[mohammed@41 ~]$ history | tail -2
1010 2008-Jan-31::21h:09m:52s date
1011 2008-Jan-31::21h:09m:52s history | tail -2
[mohammed@41 ~]$
[mohammed@41 ~]$ echo hello
hello
[mohammed@41 ~]$ echo hi
hi
[mohammed@41 ~]$ date
Thu Jan 31 21:12:01 IST 2008
[mohammed@41 ~]$ history | tail -6
1010 2008-Jan-31::21h:09m:52s date
1011 2008-Jan-31::21h:09m:52s history | tail -2
1012 2008-Jan-31::21h:09m:52s echo hello
1013 2008-Jan-31::21h:09m:52s echo hi
1014 2008-Jan-31::21h:09m:52s date
1015 2008-Jan-31::21h:09m:52s history | tail -6
--------------------------------------------------
Depending on default history setting is not always good. Commands you executed in the present console will be written to your history file (.bash_history by default) only when logout from that console. (Even though 'history' command will show you all commands you executed, it will be written to the file only when you logout). And I think, it wont be written if you just close the session or you are timed out from the session.
Also, what if you are logged into the same machine as same user from different consoles. How the commands will be written into the .bash_history file. I haven't checked this, but you can test it very easily.
So, what I am trying to do is, execute "history -a newhistfile" frequently within a script. This should write all commands executed in the present console to newhistfile. Unfortunately, this command is not working when I kept this in a script.
In short, what I want is to log all activities by every users.
Any ideas??. And any other way to do this??.
Regards,
Mohammed.
Hi,
Do you have any idea how i can get the real time when the command has been executed and not the logout time ?
But shell history is a user convenience, not an audit tool. As mohammednv mentioned there are ways that a user can do things and not have them appear in the history file (there are other ways, too). Especially if you are trying to detect malfeasance by a competent user, shell history is useless.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.