LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   track and log user activity in linux (https://www.linuxquestions.org/questions/linux-newbie-8/track-and-log-user-activity-in-linux-4175510359/)

prabhakar1234 07-07-2014 06:18 AM
track and log user activity in linux
 
dear all ,



Actually i want to keep track of all the commands executed in a bash prompt of users ,
very much in same manner as it is displayed when we run "history" command.

now the users are smart enough as they delete their history by "history -c".

my motive is to get the command exactly in same manner as it was executed

E.g: -- Someuser typed "rm -rf Impfile.txt"

Then i need exactly the same syntax ----> "rm -rf Impfile.txt" with user name in syslog to keep the track record .


or is their any linux utility which will log all user activity in syslog

I have googled a lot for this but didn't find any satisfactory answer.

I know there must be some solution to this that is why I am posting in this forum as many linux experts are on this forum.

Thanx in Advance

JeremyBoden 07-07-2014 06:50 AM
Quote:
now the users are smart enough as they delete their history by "history -c".
Why would they do this?

Anyway, what's to stop them writing some of their commands as bash scripts?

One possibility is to change their command entry prompt so as to pre-execute a short script which takes any parameter string passed in (a command) and logs it to syslog before passing it on to bash to be executed.

If you just want to hide a few commands try looking at the alias command.

Habitual 07-07-2014 08:50 AM
Quote:
Originally Posted by prabhakar1234 (Post 5199888)
I have googled a lot for this but didn't find any satisfactory answer.
I wonder what you googled for, exactly.
GIGO...
I literally searched for the topic of this thread at google.com and found 1.7 Million hits.
I find it hard to believe that none are "satisfactory"

Good Luck.

Edit: JeremyBoden has a valid point, eg. shell scripts.
Script running will be recorded, but not the commands in them.
Changing shells is also a bypass option.
or commands prefaced with a <space> in the bash shell.

You have to be smarter than your users and 5 years since an identical word-for-word post here (Thanks Google)

I feel very sad, if that's your post as well.

${i} 07-07-2014 04:50 PM
Quote:
Originally Posted by prabhakar1234 (Post 5199888)
is their any linux utility which will log all user activity in syslog

I have googled a lot for this but didn't find any satisfactory answer.

I know there must be some solution to this that is why I am posting in this forum as many linux experts are on this forum.

Thanx in Advance
What you need is called process accounting -- it logs users activities including commands they type.

Read the tutorial here
http://www.tecmint.com/how-to-monito...or-acct-tools/

I hope this is what you are looking for

unSpawn 07-07-2014 06:12 PM
Over the years I've made quite a few posts I think about logging. This one for example should give enough pointers to get you started. psacct BTW doesn't cut it if you require a more extensive audit trail but Rootsh definitely helps. (*BTW searching LQ helps, at least one of my posts on Rooths precedes the unix.com one by 3 years ;-p)


All times are GMT -5. The time now is 03:59 AM.