Mainstream Linux distribution installations don't cater for an all-encompassing audit trail out-of-the-box. Like any $LOGNAME-owned files shell history (settings) can be disabled or tampered with and won't show everything (for instance what happens inside a CLI application like a MUA or an $EDITOR). Most that ask such questions never anticipated the question and obviously you can't display what you didn't log before. Next to that bolting measures on should be preceded by verifying any existing modifications first. However the first and overarching aspect is (or should be) to look at the reasons for requiring logging. For example if this is about regulatory compliance then the implementation documentation should tell you what logging is required and how to implement it. Mandatory compliance or other pressing arguments will also help you judge if for example the amount of work involved or the invasiveness of certain solutions are in line with the benefits.
That said realistically speaking there are only a few tools that will help establish a reasonably good audit trail. The first is to send all logging to a well-protected, tamper-proof remote syslog server. Secondly restrict and limit access as much as possible (see for example 'chage', /etc/pam.d/*, /etc/security/* and obviously no "ALL ALL = NOPASSWD" in /etc/sudoers) and ensure logging has the required facility / priority settings. In essence: basic system hardening. RHEL includes SELinux which should be enabled with at least the unmodified targeted policy and it has the audit service which should run with the appropriate (mix of) LSPP, CAPP, NISPOM or STIG rules and enhanced with specific local watches. Session logging can then be done like chrism01 already suggested with Rootsh or a logging shell or using 'snoopy'.
For more information please see https://www.linuxquestions.org/quest...patches-34823/
and the linked docs / posts it leads to.