HPE Community
Operating System - HP-UX
1840432 Members
6667 Online
110164 Solutions
New Discussion

Re: Monitoring user's act

 
FireDragon.Xu
Advisor

‎10-27-2001 11:59 PM

‎10-27-2001 11:59 PM

Monitoring user's act

Hi,all

I want to wirte a script to Monitoring user's act,including every command was the user used until log out.

I hope that script can generate or redirect to a file as i specified.

Which expert can help me to write it?

Thanks.

Jackie Xu

I believe i can fly!
0 Kudos
Reply
9 REPLIES 9
Santosh Nair_1
Honored Contributor

‎10-28-2001 03:14 AM

‎10-28-2001 03:14 AM

Re: Monitoring user's act

Why not just set the user's HISTFILE variable and then go through the user's history. The HISTFILE should contain all the commands run by the user.

Hope this helps.

-Santosh
Life is what's happening while you're busy making other plans
0 Kudos
Reply
FireDragon.Xu
Advisor

‎10-28-2001 04:01 AM

‎10-28-2001 04:01 AM

Re: Monitoring user's act

hello,Santosh

How to do,please?

Jacie Xu
I believe i can fly!
0 Kudos
Reply
Santosh Nair_1
Honored Contributor

‎10-28-2001 05:16 AM

‎10-28-2001 05:16 AM

Re: Monitoring user's act

This is simple...just modify /etc/profile to include the following line:

export HISTFILE=/tmp/.sh_history.$LOGNAME

This way, when the user logs in, the file /tmp/.sh_history. is created and this files contains all the commands that the user enters.

-Santosh
Life is what's happening while you're busy making other plans
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎10-28-2001 05:36 AM

‎10-28-2001 05:36 AM

Re: Monitoring user's act

Hi Jackie:

You might consider establishing a 'script' file at the end of the user's $HOME/.profile:

...
script userlog

See the man pages for 'script' for more details.

Regards!

...JRF...
0 Kudos
Reply
Eugen Cocalea
Respected Contributor

‎10-28-2001 06:45 AM

‎10-28-2001 06:45 AM

Re: Monitoring user's act

Hi,

putting things in user's profile can be overwritten by the users. A solution would be to put it in /etc/profile.

E.
To Live Is To Learn
0 Kudos
Reply
Eugen Cocalea
Respected Contributor

‎10-28-2001 06:52 AM

‎10-28-2001 06:52 AM

Re: Monitoring user's act

Hi again,

and putting it in the /etc/profile will result in the file to be created with the user as its owner thus writtable by user.

E.
To Live Is To Learn
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎10-28-2001 07:31 AM

‎10-28-2001 07:31 AM

Re: Monitoring user's act

Hi (again) Jackie:

Obviously, the shell history file and my simple suggestion of capturing a session's dialog into a file leave the control of those files in the user's hands. The user can easily remove or null the files used to collect the data.

If you really want to collect and monitor accounting information you need to setup system accounting functionality.

Begin by looking at the man pages for 'last' (man 1 last) and 'acct' (man 1M acct). Have a look too, via:

http://docs.hp.com/

There is also an older white paper in the Technical Knowledge Base (#OALWP06950320) that provides a good overview of accounting in general.

Regards!

...JRF...
0 Kudos
Reply
Michael Tully
Honored Contributor

‎10-28-2001 01:46 PM

‎10-28-2001 01:46 PM

Re: Monitoring user's act

Hi,

The suggestion of setting up user
accounting is of course the best
method if you want to capture user's
commands etc. This is about the only
way you monitor without the risk of
the user examining and overwriting files.
Just be aware that if you start using
accounting on all users or even a fair
number your system will consume disk
space, so be aware of this before
you start.

HTH
-Michael
Anyone for a Mutiny ?
0 Kudos
Reply
Roger Baptiste
Honored Contributor

‎10-28-2001 03:17 PM

‎10-28-2001 03:17 PM

Re: Monitoring user's act

Jackie,

In most of the cases, whether monitoring
or not, it makes sense to set the history
for the user profiles:
HISTFILE=$HOME/.sh_history
HISTSIZE=1024 <- (Size in bytes. Default is 128 bytes; you can increase or
decrease it , depending on the disk space,
number of users , necessity )
export HISTFILE HISTSIZE

The above commands is for Posix shell.
For C shell, you would need to use the
"set" syntax.

The history file is not protection
against users who want to cover their tracks,
since it can be edited. The question arises,
what's the motivation for the Monitoring?
In all the production boxes i handle, we
don't do that level of monitoring. If it
is a necessity for you, you would need
to enable the accounting option. (check man acct), but that consumes space and resources.


-raj

Take it easy.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.