[SOLVED] Attempting to capture all SUDO commands

lazydog · 04-07-2015, 02:32 PM

Hello I am trying to capture all commands that someone who either uses 'sudo' or 'su -' to root uses. I have the following in my .baschrc file in root;

Code:

export HISTSIZE=10000
export HISTTIMEFORMAT="%F %T "
export HISTFILE=/var/log/users_historylogs/root_history-$(who am i | awk '{print $1}';exit)
export PROMPT_COMMAND='history -a'

Checking the history file I see this;

Code:

#1428434081
cat /var/log/users_historylogs/root_history-rjs
#1428434220
vi .bashrc
#1428434289
source .bashrc
#1428434292
cat /var/log/users_historylogs/root_history-rjs
#1428434391
vi .bashrc
#1428434569
source .bashrc
#1428434572
ls

As you can see I am not seeing what I would like to see and that would be the foramt of;

20150407 15:33

Or even better

20150407 1533

What is the above not working and how can I fix this?

Habitual · 04-07-2015, 03:08 PM

and if you type 'history' is it not displayed as you expect?

T3RM1NVT0R · 04-07-2015, 04:07 PM

I think you referred this post to configure this: http://sharadchhetri.com/2011/12/02/...ndary-logging/

However, you forgot to read the comments below

Those are the epoch values what you see, author has mentioned the way to rectify the format in the comments section. Here is the abstract from it:

Code:

export PATH
export HISTSIZE=10000
export HISTTIMEFORMAT="%F %T "
export HISTFILE=/var/log/users_historylogs/root_history-$(who am i | awk '{print $1}';exit)-`date +%F`
export PROMPT_COMMAND='history -a;date >> $HISTFILE'

lazydog · 04-07-2015, 07:43 PM

All fixed, thanks T3RM1NVT0R.

T3RM1NVT0R · 04-08-2015, 01:39 AM

You're welcome and thanks for marking thread as solved.

Enjoy Linux!!!