HPE Community
Operating System - HP-UX
1834295 Members
2648 Online
110066 Solutions
New Discussion

Is there a way to timestamp commnd history

 
SOLVED
Go to solution
Devesh Pant_1
Esteemed Contributor

‎06-04-2005 09:58 AM

‎06-04-2005 09:58 AM

Is there a way to timestamp commnd history

Friends,
is there a way to timestamp the .sh_history details ?
any workaround method is also welcome

thanks
Devesh
0 Kudos
Reply
6 REPLIES 6
Geoff Wild
Honored Contributor

‎06-04-2005 11:55 AM

‎06-04-2005 11:55 AM

Re: Is there a way to timestamp commnd history

You can turn on auditing if you convert to a "Trusted System"

Here's what I do for the sysadmin's .profile/history


Some of .profile:

# Set up logging
HISTFILE=${HOME}/.sh_history_`who am i|awk '{ print $1}'`
export HISTFILE
print -s "### login at `/usr/bin/date` ###"
#date >>$HISTFILE
HISTSIZE=5000
export HISTSIZE

# Allow sysadmins to have customized environments.
ENV=${HOME}/.kshrc_`who am i|awk '{ print $1}'`
if [ -f $ENV ]
then
export ENV
else
ENV=${HOME}/.kshrc
export ENV
fi

# Set up shell environment:

set -u # error if undefined variable.
umask 022



# Set up shell variables:

MAIL=/var/mail/root
# don't export, so only login shell checks.

echo "WARNING: YOU ARE SUPERUSER !!\n"

HOST=`uname -n`
PS1="
\$LOGNAME@\$HOST [ \$PWD ]
# ";export PS1
stty erase ^?

trap "$HOME/.logout" 0






# cat /.logout
print -s "### logout at `/usr/bin/date` ###"



Cron:

# date stamp sh_history
0 0,6,12,18 * * * /usr/local/bin/datestamp-root-history > /tmp/datestamp-root-history.log 2>&1

#!/bin/sh
#
# script to add a date stamp to the /.sh_history_$USER
# for those su'ed to root
# Only run from cron once a day
# gwild 2004-10-15 with help from jkittle

#===================================================================
# initialize some variables
#===================================================================
ULOG=/tmp/datestamp-user.log
cat /dev/null > $ULOG



#===========================================================
# Function: TimeStamp
# Description: timestamp the /.sh_history_$USER
# Arguments: none
# Returns: none
#===========================================================
function TimeStamp {
# point to their .sh_history file
# time stamp it
echo "HISTFILE is $HISTFILE"
(export HISTFILE=${HOME}/.sh_history_$UNIQUSER; echo "HISTFILE is $HISTFILE"; print -s "### `/usr/bin/date` $UNIQUSER still logged in as root...###")

unset HISTFILE
echo "HISTFILE after unset is $HISTFILE"
}




#===================================================================
# BEGIN MAIN CODE
#===================================================================

# find parent process of all users signed in as root
for i in `ps -ef |grep "\-sh"|awk '{print $3}'`
do
# just grab the user name
for USER in `ps -ef |grep $i |grep -v root|awk '{print $1}'`
do
echo $USER >> $ULOG
done
done

# get each user only once
for UNIQUSER in `cat $ULOG |sort|uniq`
do
TimeStamp
done

exit 0



Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎06-04-2005 07:13 PM

‎06-04-2005 07:13 PM

Re: Is there a way to timestamp commnd history

The keyboard history itself, does not contain date stamps.

I do like the idea of using the audit files though, that is quite innovative.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
H.Merijn Brand (procura
Honored Contributor

‎06-05-2005 12:12 AM

‎06-05-2005 12:12 AM

Re: Is there a way to timestamp commnd history

Workaround: use the tcsh, it timestamps all commands in the history automatically.

a5:/u/usr/merijn 101 > date
Sun Jun 5 14:10:04 METDST 2005
a5:/u/usr/merijn 102 > ls -d .
.
a5:/u/usr/merijn 103 > h 2
102 14:10 ls -d .
103 14:10 h 2
a5:/u/usr/merijn 104 > set | grep hist
histdup erase
histfile /u/usr/merijn/.tcshist
history 100
savehist 100
a5:/u/usr/merijn 105 >

Enjoy, Have FUN! H.Merijn
Enjoy, Have FUN! H.Merijn
0 Kudos
Reply
C. Beerse_1
Regular Advisor

‎06-05-2005 07:58 PM

‎06-05-2005 07:58 PM

Re: Is there a way to timestamp commnd history

The command-line history is a feature of the used shell. Check the documentation of your shell for details. I have seen timestamped history with the tcsh. However, I donnot know if this timestamp is also stored in its history file or if it is for the current run only.

If it is for loggin purposes, you can try to create a script that does a `tail -f .sh_history` and puts the output in an other file with a timestamp. Be noted this will not be acurate to the second since `tail -f` only peeks every couple of seconds. Then, there is also the buffering for non-interactive i/o, this can create some other offset in the timestamps.
make everything as simple as possible, not simpler (A.Einstein??)
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎06-06-2005 12:40 AM

‎06-06-2005 12:40 AM

Solution

Re: Is there a way to timestamp commnd history

YES there is (I'm not sure where I got this, I found it last November)

Put this command into your profile:
trap 'date "+# %c" | read -s' debug

It places time stamps into the .sh_history files:

# Tue Nov 23 13:17:03 2004
whao
# Tue Nov 23 13:17:06 2004
whoami
# Tue Nov 23 13:17:08 2004
vi
# Thu Nov 18 15:29:51 2004.
ls

If you put it into place, then PLEASE increase the HISTSIZE=50000 or more


live free or die
harry d brown jr
Live Free or Die
Reply
Rick Garland
Honored Contributor

‎06-06-2005 01:24 AM

‎06-06-2005 01:24 AM

Re: Is there a way to timestamp commnd history

Each time a user logs in, be it a root user or a regular user, a separate .sh_history file is created and this file is time/date stamped.
Below is the syntax for the root acct. A user does an 'su -' to root and a shell history is created with that user name as returned by 'whoami'. Separate .sh_history files with separate date/time stamps and who did the
'su -'.
# Set up shell variables
HST=`hostname`
USR=`who -um | awk '{print $1}'`
NAME=`whoami'

# Set History File HISTFILE=/home/root/.sh_history_"${HST}"_"${USR}"-as-"${NAME}"_`date +%y%m%d.%
H%M%S_$$`
export HISTFILE
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.