System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

History of user executed commands

 
Trng
Super Advisor

History of user executed commands

Dear Gurus,

my requiremnet is to capture all commands with login dtls(date/time,terminal ip) of all users logged in to my server running hpux 11.23 --i dont want to enable auditing ..

what needs to be done on /etc/profile to get this happen as shown below ..

.sh_history_root
.sh_histroy_oracle
.sh_history_sap


pls help

administrator
5 REPLIES
Mel Burslan
Honored Contributor

Re: History of user executed commands

you can do this by setting the following variables in /etc/profile (choose values according to your liking. Examples below are my preferences)

HISTFILE=/root/.sh_history # file to store command history
HISTSIZE=2000 # number of commands in history

If you are doing this for auditing purposes, please know that it will not hold water for an official audit as these files need to be writable by the users who are logged in and once they can write to these files, they can modify them as they wish and delete the commands that they do not want seen by you and others.

If you are after auditing, you either need to turn auditing on and bear the cost of it (disk space and performance-wise) or invest in a 3rd party application like PowerBroker.

Hope this helps
________________________________
UNIX because I majored in cryptology...
Sunny123_1
Esteemed Contributor

Re: History of user executed commands

Hi

Set this parameter in users .profile

HISTFILE=/.sh_history
export HISTFILE
export HISTSIZE=(required size)
It will captures all commands.

Regards
Sunny
Sunny123_1
Esteemed Contributor

Re: History of user executed commands

Hi

modification on my previous reply

export HISTSIZE=(no of commands)

Regards
Sunny
Pete Randall
Outstanding Contributor

Re: History of user executed commands

And the one problem with the above answers is that they will not provide a date/time stamp. They will simply record the command issued.


Pete

Pete
OldSchool
Honored Contributor

Re: History of user executed commands

"..login dtls(date/time,terminal ip) of all users logged in to my server.."

as noted above:
1) the history file will only hold the last "x" number of commands. If set to low, you may not capture the entire session

2) the history file will not be date/time stamped

3) the history file won't have any terminal / source IP information.

Also, since it is user-writeable, it can easily be emptied / destroyed.

I know of nothing that will capture everything your requested. Symark's PowerBroker can come close, but won't have the IP info, and its *expensive*