HPE Community
Operating System - HP-UX
1847098 Members
5163 Online
110263 Solutions
New Discussion

Tracking sh_history

 
SOLVED
Go to solution
TheJuiceman
Super Advisor

‎09-28-2004 01:19 PM

‎09-28-2004 01:19 PM

Tracking sh_history

I want to create a job that will go out each day and copy the .sh_history from our users to a log file that gets appended to. I would like it to insert each users ID along with the date for each entry. Then clear out each person's .sh_history each day once it has been copied. Any suggestions on how to go about doing this? Thanks
0 Kudos
Reply
7 REPLIES 7
Muthukumar_5
Honored Contributor

‎09-28-2004 09:45 PM

‎09-28-2004 09:45 PM

Re: Tracking sh_history

We can collect non-system users as,

listusers so that,

we can append all system users history every day as,

# Use with root user
COMHISTFILE=/var/adm/syslog/histfile.log
COMHISTERR=/var/adm/syslog/histfile.err

for user in `listusers`; do

id $user >> $COMHISTFILE
echo $user >> $COMHISTFILE
date >> $COMHISTFILE

if [[ -f /home/$user/.sh_history ]]
then
cat /home/$user/.sh_history >> $COMHISTFILE
else
echo "History file /home/$user/.sh_history not found" >> $COMHISTERR
fi

done

Simulate this with cron job or execute on command line on particular time there.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎09-28-2004 10:29 PM

‎09-28-2004 10:29 PM

Re: Tracking sh_history

We can do more effectively when some user changes their history file then,

#!/usr/bin/sh
# permission to run - super user

# Command history and error file
COMHISTFILE=/var/adm/history.log
COMERRFILE=/var/adm/history.err

# Log appending
for user `listusers`; do

echo "==============================" >> $COMHISTFILE
echo "USER: $user" >> $COMHISTFILE
echo "DATE: $(date)" >> $COMHISTFILE
echo "ID: $(id $user)" >> $COMHISTFILE
echo "==============================" >> $COMHISTFILE

hist=$(su - $user -c "echo $HISTFILE")

if [[ -f $hist ]]
then
cat $hist >> $COMHISTFILE
else
echo "ERROR: $user has no history file there" $COMERRFILE
fi
done


IF you want to change the location of common history file some where then be care that normal users can not access it.

/var/adm/ directory will be with access to root user only.
Easy to suggest when don't know about the problem!
0 Kudos
Reply
TheJuiceman
Super Advisor

‎09-29-2004 10:27 AM

‎09-29-2004 10:27 AM

Re: Tracking sh_history

Thank you for the suggestion, however, it does not work. Any thoughts? Thanks.
0 Kudos
Reply
Sundar_7
Honored Contributor

‎09-29-2004 10:45 AM

‎09-29-2004 10:45 AM

Solution

Re: Tracking sh_history

Bobby,

You can try something like this

Create a script that captures these log files

# vi /usr/local/bin/sh_hist_cap.sh

HIST_ARCH=/var/adm/logs/hist.archive
logins | awk '{print $1}' | while read USER
do
( echo "====================================================="
echo " Login : $USER Date: $(date)"
echo "====================================================="
cat ~${USER}/.sh_history
echo "====================================================="
) >> $HIST_ARCH
> ~${USER}/.sh_history
done
#
# mkdir /var/adm/logs
# chmod +x /usr/local/bin/sh_hist_cap.sh
# crontab -e
45 23 * * * /usr/local/bin/sh_hist_cap.sh
#

Schedule this job to run everyday at say 11:45 PM, for example.

- Sundar.
Learn What to do ,How to do and more importantly When to do ?
Reply
TheJuiceman
Super Advisor

‎09-29-2004 12:08 PM

‎09-29-2004 12:08 PM

Re: Tracking sh_history

Sundar,

Thank you for the script. It is exactly what I was looking for!!!

How would be the best way to eliminate users who do not have a .sh_history file? Thanks again.

Bobby
0 Kudos
Reply
Sundar_7
Honored Contributor

‎09-29-2004 12:19 PM

‎09-29-2004 12:19 PM

Re: Tracking sh_history

Bobby,

1) This will completely skip the logins without the history file

# vi /usr/local/bin/sh_hist_cap.sh
HIST_ARCH=/var/adm/logs/hist.archive
logins | awk '{print $1}' | while read USER
do
[[ ! -f ~$USER/.sh_history ]] && continue
( echo "====================================================="
echo " Login : $USER Date: $(date)"
echo "====================================================="
cat ~${USER}/.sh_history
echo "====================================================="
) >> $HIST_ARCH
> ~${USER}/.sh_history
done
#


2) This will log a message in the hist.archive for the logins without the history file.

# vi /usr/local/bin/sh_hist_cap.sh

HIST_ARCH=/var/adm/logs/hist.archive
logins | awk '{print $1}' | while read USER
do
( echo "====================================================="
echo " Login : $USER Date: $(date)"
echo "====================================================="
if [ -f ~${USER}/.sh_history ]
then
cat ~${USER}/.sh_history
else
echo "\t\tNo .sh_history for the user !!"
fi
echo "====================================================="
) >> $HIST_ARCH
> ~${USER}/.sh_history
done
#

- Sundar
Learn What to do ,How to do and more importantly When to do ?
Reply
TheJuiceman
Super Advisor

‎09-29-2004 03:00 PM

‎09-29-2004 03:00 PM

Re: Tracking sh_history

Awesome!!! Thank you guys for all of the help!!!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.