HPE Community
Operating System - HP-UX
1847897 Members
3542 Online
104021 Solutions
New Discussion

Wnat to record all the activitys done by any user

 
FOIS CRIS
Occasional Contributor

‎02-22-2006 08:11 PM

‎02-22-2006 08:11 PM

Wnat to record all the activitys done by any user

I want to record all the activities done by any user on UNIX. Kindly send the the script to perform this action. I want to record all the commands and their output.
0 Kudos
Reply
7 REPLIES 7
Arunvijai_4
Honored Contributor

‎02-22-2006 08:16 PM

‎02-22-2006 08:16 PM

Re: Wnat to record all the activitys done by any user

Hello,

You need to export HISTFILE in user's .profile. Just like,

export HISTFILE=$HOME/.sh_history.

It should be enough.,

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Senthil Kumar .A_1
Honored Contributor

‎02-22-2006 08:25 PM

‎02-22-2006 08:25 PM

Re: Wnat to record all the activitys done by any user

Hi fois,

Collecting the commands issued might be wise but not its output, as the log can grow too huge.

So if indeed u are bent upon capturing the output aswell, make sure u include the following line at the end of .profile file in all home directories,

script -a /var/collect/${LOGNAME}_collect

Then u need to write the script to purge the files in /var/collect/ directory and archive it, as it could be really huge.

/var/collect was just a example used here.

One problem is the users could simply delete the last entry in .profile if they find that they are being spied, better u could make .profile readonly.


A enterprise soultion is available , called CA's autosecure or e-trust, but again it only logs commands used not its output. It is a advanced counter part of central user administration like nis.

anyway, and offbeat implementaion should work , without spilling much of dollors..

regards,
senthil.

P.S: please wait for others aswell to respond.

Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Reply
Vibhor Kumar Agarwal
Esteemed Contributor

‎02-22-2006 08:31 PM

‎02-22-2006 08:31 PM

Re: Wnat to record all the activitys done by any user

If you want to track only the command you can have the history file.

If you want the output also then you can use the "script" command.
This will redirect everything to the file you give.
Vibhor Kumar Agarwal
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎02-22-2006 08:33 PM

‎02-22-2006 08:33 PM

Re: Wnat to record all the activitys done by any user

Few ways:

1) Enabling History:


In /etc/profile file as,

export HISTFILE=$HOME/.profile_${USERNAME}
export HISTSIZE=2500

and save it. You can check the history based on the user name.

More better create a separate directory for history and change the location of HISTFILE to this directory say (history) instead of their HOME directory.

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎02-22-2006 08:37 PM

‎02-22-2006 08:37 PM

Re: Wnat to record all the activitys done by any user

More ways as,

in /etc/profile,

start a script file in append mode as,

script -a /history/histfile_${USERNAME}

Note: Create a history file and give enough permission to all users to log the informations into /history directory.

Another way,

to convert your system to trusted mode to log all the things. (Auditing)

--
Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎02-22-2006 08:41 PM

‎02-22-2006 08:41 PM

Re: Wnat to record all the activitys done by any user

Hello,

Check these threads,

http://forums1.itrc.hp.com/service/forums/bizsupport/questionanswer.do?threadId=14568
http://forums1.itrc.hp.com/service/forums/bizsupport/questionanswer.do?threadId=127593

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎02-22-2006 10:03 PM

‎02-22-2006 10:03 PM

Re: Wnat to record all the activitys done by any user

hi,
also have a look at tripwire.

see also: http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=876110

hope this helps!

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.