HPE Community
Operating System - HP-UX
1820198 Members
3977 Online
109620 Solutions
New Discussion юеВ

Logging commands executed in shell

 
SOLVED
Go to solution
Laszlo Csizmadia
Frequent Advisor

тАО08-10-2005 04:20 AM

тАО08-10-2005 04:20 AM

Logging commands executed in shell

Is there any good and straightforward way on HP-UX to log commands executed in a shell?
Obviously there is .sh_history and .bash_history but it not very accurate. (If you just close the putty window or login simultaneously with same account it doesn't updated well.)
And I also want to see the time when a given command was executed which not included in shell history files.

I would appreciate any ideasтАж
Thanks in advance.
0 Kudos
Reply
8 REPLIES 8
Mel Burslan
Honored Contributor

тАО08-10-2005 04:27 AM

тАО08-10-2005 04:27 AM

Re: Logging commands executed in shell

You can use a product like powerbroker and require user to start his/her session with

pbrun ksh # (or shell of your choice)

from this moment on, every keystroke they make gets recorded in PB logs. It is not a free product, but has very good logging capabilities as well as delegation of authority features.

visit :

http;//www.symark.com

for more information.
HTH
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
melvyn burnard
Honored Contributor

тАО08-10-2005 04:35 AM

тАО08-10-2005 04:35 AM

Re: Logging commands executed in shell

you could use script. Set it up to execute as they logon in their profile, and it will create a file which you could name using date/time extensions, and this records all commands they issue while logged in on this session.
man script
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
Laszlo Csizmadia
Frequent Advisor

тАО08-10-2005 04:39 AM

тАО08-10-2005 04:39 AM

Re: Logging commands executed in shell

Powerbroker seems a good a sophisticated tool but I would prefer some HP tool.
(Or something open source with GPL license.)
BTW is it possible to do this with HP-UX own accounting mechanism? Man acct.
0 Kudos
Reply
Laszlo Csizmadia
Frequent Advisor

тАО08-10-2005 04:43 AM

тАО08-10-2005 04:43 AM

Re: Logging commands executed in shell

Thanks Melvyn! I guess you mean sg like this e.g.:
# Set up shell history file
myterm=`ps | tail -1 | awk '{print $2}'`
export HISTFILE=$HOME/.sh_history.`who -R|grep \$myterm|awk '{print $6}'
|sed s/\(//|sed s/\)//`

But it doesn't log timestamp for commands. And it not really working if you just close your teminal. It just solve the problem of simultaneous login.
0 Kudos
Reply
Olivier Masse
Honored Contributor

тАО08-10-2005 04:45 AM

тАО08-10-2005 04:45 AM

Solution

Re: Logging commands executed in shell

We use the auditing susbsystem, and log all exec() calls. This has worked good for us. However there is a bug if you login using SSH as it's not self-auditing as telnetd is. I've published a workaround here:
http://www.mayoxide.com/audenable/

Another alternative is documented here:
http://honeypots.sourceforge.net/modified_script.html

I started porting this to HP-UX some time ago (can give you my sources if you want) but found it to be too risky for corner cases.

Olivier.
Reply
Rick Garland
Honored Contributor

тАО08-10-2005 04:49 AM

тАО08-10-2005 04:49 AM

Re: Logging commands executed in shell

Using the HIST file, can incorporate date/time

# Set History File
HISTFILE=/home/root/.sh_history_"${HST}"_"${USR}"-as-"${NAME}"_`date +%y%m%d.%H%M%S_$$`
export HISTFILE


The 1-liner you posted just recently can have the date functionality included with it. This way you get the date/time stamps as well.

0 Kudos
Reply
Laszlo Csizmadia
Frequent Advisor

тАО08-10-2005 05:12 AM

тАО08-10-2005 05:12 AM

Re: Logging commands executed in shell

Thanks Olivier!!
I exactly looking for something like this. I'll have a look at these tomorrow. Thanks.
0 Kudos
Reply
Laszlo Csizmadia
Frequent Advisor

тАО08-10-2005 05:14 AM

тАО08-10-2005 05:14 AM

Re: Logging commands executed in shell

Rick,

but I want a timestamp when e.g. the "ls -lR" was executed by user xyz.
What you wrote here just append a timestamp to the history file.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.