
Script to capture the commands run by users

Dhruva Raj
Advisor

Script to capture the commands run by users

Hi All,

I am trying to write a script which captures the commands run by other users in the system.

One way of doing this is by copying the history file of that user at a regular interval of time.

Do we have a better way of doing this? I am looking to capture the command and the time it was run.

Regards,
Druva
4 REPLIES
James R. Ferguson
Acclaimed Contributor
Solution

Re: Script to capture the commands run by users

Hi Dhruva:

Using the '.sh_history' file to monitor who did what isn't a guaranteed audit by any means. A user can truncate or remove the '.sh_history' to obliterate a record of what was performed.

Turning on auditing is one way to see who/what but then this has overhead that may be more than it's worth.

If your system is well configured (secured) then the ability to inflict real damage is confined to the 'root' account. Securing the use of that account is paramount.

Regards!

...JRF...

Steven E. Protter
Exalted Contributor

Re: Script to capture the commands run by users

Shalom,

You need to be root to pull this off.

Check the user's profile, .profile.

See what HISTFILE is set to.

Copy that file to your repository.

I suggest giving it a unique name so you can tell who did what.

Setting the HISTFILE variable is all you need to do to capture keystrokes by users.

However, a user can alter his own HISTFILE, which is usually .sh_history. If you are looking for activity that should not be happening, the smart malicious user will edit the .sh_history file after they do whatever badness they do.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Dhruva Raj
Advisor

Re: Script to capture the commands run by users

Thanks for the responses, guys.

Yes, I agree with the points; that's why I am in the forum looking for a better way to monitor/capture commands run by users in the system.
I am a root admin, and I can see that somebody has done some mischief on the system and I am not able to trace it.
Please help me with a script or a way to do it.

Thanks again,
Druva
Dhruva Raj
Advisor

Re: Script to capture the commands run by users

Made a script which pushes the data of the history file to another file periodically.
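
The approach discussed in this thread (periodically copying each user's history file to a root-owned repository under a unique per-user name), as an added example that is not part of any post above. It also records when the history file was truncated or rewritten between runs, the weakness both replies point out. Assumptions: the history is newline-delimited text, and the function name, argument order and repository layout are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): incremental snapshot of a user's shell
# history into a root-owned repository, flagging truncation or rewriting.
# Assumptions: history is newline-delimited text; REPO is writable only by root.

# snapshot_history USER HISTFILE REPO
# Appends lines added since the previous run to $REPO/$USER.log, each prefixed
# with the capture time (poll time, not the time the command actually ran).
# Returns 0 normally, 1 if the history is unreadable, 2 if the history file
# shrank or its previously captured lines changed.
snapshot_history() {
    user=$1 hist=$2 repo=$3
    log="$repo/$user.log"        # unique name per user
    state="$repo/$user.state"    # "<line count> <checksum of those lines>"
    [ -r "$hist" ] || return 1
    now=$(date '+%Y-%m-%d %H:%M:%S')
    prev_n=0 prev_sum=
    [ -f "$state" ] && read prev_n prev_sum < "$state"
    cur_n=$(wc -l < "$hist" | tr -d ' ')
    rc=0
    if [ "$prev_n" -gt 0 ]; then
        # Re-checksum the lines captured last time; a mismatch means an edit.
        old_sum=$(head -n "$prev_n" "$hist" | cksum | cut -d' ' -f1)
        if [ "$cur_n" -lt "$prev_n" ] || [ "$old_sum" != "$prev_sum" ]; then
            echo "$now $user ALERT history truncated or rewritten" >> "$log"
            prev_n=0             # re-capture everything that is left
            rc=2
        fi
    fi
    tail -n "+$((prev_n + 1))" "$hist" | while IFS= read -r line; do
        printf '%s %s %s\n' "$now" "$user" "$line"
    done >> "$log"
    echo "$cur_n $(head -n "$cur_n" "$hist" | cksum | cut -d' ' -f1)" > "$state"
    return $rc
}
```

Run it from root's cron for each account; the recorded time is when the snapshot ran, so the polling interval bounds the timestamp precision. Anything a user removes from the history between two runs is never captured, only the fact that the file changed.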