HPE Community
Operating System - HP-UX
1833815 Members
2499 Online
110063 Solutions
New Discussion

Last commands

 
logaraman
Regular Advisor

‎09-04-2005 04:32 PM

‎09-04-2005 04:32 PM

Last commands

Hi ,

I would like to trace the last executed commands on a HP box. I was unable to find it with the history command. Could any1 help me in finding out the last executed commands and also i wud like to find out from which telnet session has executed the command
0 Kudos
Reply
9 REPLIES 9
morganelan
Trusted Contributor

‎09-04-2005 04:49 PM

‎09-04-2005 04:49 PM

Re: Last commands

You must set two shell variables HISTFILE and HISTSIZE to maintain history of your commands that have been executed on your HPUX Machine.
The history file specified by HISTFILE contains the latest commands you executed at your terminal. Every time you type a command at the prompt and press Return it is stored in this history file. HISTSIZE specifies the maximum number of commands stored in that file. For example:

HISTFILE=/users/test/.history
HISTSIZE=20

If you do not set these two variables in your .profile, the shell defaults to a file named .sh_history of 128 lines.

The history mechanism keeps continuous record of the most recent commands you have executed, even if you log out and back into the system many times or execute the commands in a subshell.
Kamal Mirdad
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎09-04-2005 05:44 PM

‎09-04-2005 05:44 PM

Re: Last commands

You can enable history logging as,

-- /etc/profile --
set -o vi
export $HISTFILE=$HOME/.sh_history
export $HISTSIZE=2000

ps | grep -q 'telnetd'
if [ $? -eq 0 ]
then
echo "Telnet sesssion logged $LOGNAME $(date)" >> $HISTFILE
fi

hth.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Vibhor Kumar Agarwal
Esteemed Contributor

‎09-04-2005 05:47 PM

‎09-04-2005 05:47 PM

Re: Last commands

You can also take the help of script command.

Just write
script filename
in .profile and everthing the user does will be recorded in it.
Vibhor Kumar Agarwal
0 Kudos
Reply
Piergiacomo Perini
Trusted Contributor

‎09-05-2005 01:38 AM

‎09-05-2005 01:38 AM

Re: Last commands

Hi every1,

maybe also command "last",
with -R option, can be useful
to pinpoint who and which telnet session
were executed.
hth

regards
pg
0 Kudos
Reply
Alessandro Pilati
Esteemed Contributor

‎09-05-2005 01:43 AM

‎09-05-2005 01:43 AM

Re: Last commands

Put in the .profile the following setting:

HISTFILE=/tmp/`who -u am i|awk '{ print $1"_"$8"_"$2 }'|sed 's/\///g'`.hist
So you will get, for each user that logs in the server, separate history files under /tmp
( for example: /tmp/root_10.115.0.3_pts0.hist )

Regards,
Alex
if you don't try, you'll never know if you are able to
0 Kudos
Reply
Raj D.
Honored Contributor

‎09-05-2005 02:00 AM

‎09-05-2005 02:00 AM

Re: Last commands

Hi logaraman,

You can also check with last and lastb command , for lastlogin and badlogins.

You can also enable audit , and check details with audisp -u username ; audisp -e eventname ; audisp -f for failed operations.


Cheers,
Raj.

" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Raj D.
Honored Contributor

‎09-05-2005 02:06 AM

‎09-05-2005 02:06 AM

Re: Last commands

Hi Logaraman ,

Auditing can be configure using audsys and audevent

#man 1m audsys and
#man 1m audevent

Cheers,
Raj
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
logaraman
Regular Advisor

‎09-05-2005 05:01 PM

‎09-05-2005 05:01 PM

Re: Last commands

Hi All,

Thanks for all ur inputs and those were great. To be specific, i would like to trace the commands executed by each and everyuser with their IP address without adding the scripts on each and every users profile. Its something like the history command in solaris
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎09-05-2005 05:56 PM

‎09-05-2005 05:56 PM

Re: Last commands

You can enable history logging to all users globally as,

-- /etc/profile --
set -o vi
export $HISTFILE=/var/.history_log
export $HISTSIZE=2000

ps | grep -q 'telnetd'
if [ $? -eq 0 ]
then
echo "Telnet sesssion logged $LOGNAME $(date)" >> $HISTFILE
echo "`who -mu` is logged" >> $HISTFILE
fi

You can audit with /var/.history_log file. If you want,you can change the location.

It will log history for all telnet based logins. If you don't want then remove telnet check and put two echo lines.

hth.

Easy to suggest when don't know about the problem!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.