HPE Community
Operating System - HP-UX
1825776 Members
2128 Online
109687 Solutions
New Discussion

Command history

 
Laszlo Csizmadia
Frequent Advisor

‎06-30-2003 06:36 AM

‎06-30-2003 06:36 AM

Command history

Which is the best way to log every shell command on an HP-UX matchine?.
Sometimes it happens that a user did something and I want to see what commands he gave out from his terminal session but it's not listed in .sh_history or in similar file. Sometimes even happens that the history file is deleted.
A would appreciate any ideas...
Thanks.
0 Kudos
Reply
8 REPLIES 8
Hai Nguyen_1
Honored Contributor

‎06-30-2003 06:38 AM

‎06-30-2003 06:38 AM

Re: Command history

Laszlo,

Look into trusted system. I think you can audit a user's activities with it.

Hai
0 Kudos
Reply
John Meissner
Esteemed Contributor

‎06-30-2003 06:39 AM

‎06-30-2003 06:39 AM

Re: Command history

you could put
script filename
in their .profile....

but this would capture all stdin stdout and stderr

you would have some large files on your system if you didn't clean them
All paths lead to destiny
0 Kudos
Reply
Umapathy S
Honored Contributor

‎06-30-2003 06:49 AM

‎06-30-2003 06:49 AM

Re: Command history

Laszlo,
Check whether HISTFILE is exported for all users. If its not exported then you cannot see the command history in .sh_history file.

HTH,
Umapathy

Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎06-30-2003 07:04 AM

‎06-30-2003 07:04 AM

Re: Command history

Hi,

# man lastcomm

If you activate accounting do not forget to check the size of /var even extend it.

Kind regards,

Robert-Jan.
0 Kudos
Reply
Jim Mallett
Honored Contributor

‎06-30-2003 07:48 AM

‎06-30-2003 07:48 AM

Re: Command history

Check their profile to be sure the HIST variables are being exported.

You could have their HISTFILE go to a folder other than their default home folder, one that they don't have priviledges to delete like /var/adm. That will not keep them from editing the files if that is what you think is happening.

I think Auditing is your best bet.

Jim
Hindsight is 20/20
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎06-30-2003 07:53 AM

‎06-30-2003 07:53 AM

Re: Command history

You can set your system to be a trusted system.
...and that means that everybody gets 'trusted'. So you can count a space being chewed up, and the need to review these files.

Or, you can look into a third party software that allows you to record everything a person or persons does on a toggle on/off basis. That way you don't get the all or nothing effect of a trusted system.
We went with PowerBroker from Symark. We use it for spot monitory/checking of folks, and use the tools to set up customized root permissions (and record the activity).

Cause everyone..needs choices,
Rgrds,
Rita
0 Kudos
Reply
Caesar_3
Esteemed Contributor

‎06-30-2003 01:08 PM

‎06-30-2003 01:08 PM

Re: Command history

Hello!

If you use trusted system it write all
what done in the system.
You can also use script command that will
save all what done in the prompt.

Caesar
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-30-2003 01:16 PM

‎06-30-2003 01:16 PM

Re: Command history

Assuming the users have the standard POSIX shell (or perhaps ksh), put this in your /etc/profile file:

export HISTFILE=$HOME/.sh_history

Just to be sure, create the shell history file in every user's directory. Assuming (again) that all users have their HOME in the /home directory, do this one time:

umask 077
export PATH=/usr/bin
for MYHOME in /home/*
do
MYUSER=$(basename $MYHOME)
touch $MYHOME/.sh_history
chown $MYUSER $HOME/.sh_history
done

Note that if the users are doing something complicated like running an Xwindow emulator and using CDE to manage their screens, there are more steps required.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.