I have a server on which I need to monitor the .bash_history file for the root user already logged in to the server.
I am logged in as root and have another person logged on as root, and I want to monitor what they are doing:
root ? :0 2010-10-19 11:54
root + pts/1 2010-10-22 02:27 (192.168.170.1)
root + pts/2 2010-10-19 11:59 (:0.0)
root + pts/3 2010-10-22 03:41 (192.168.170.1)
I am using pts/1 and the other person is using pts/3. I want to see what they are doing and need to know how to do this without scripting something to monitor activity.
Thanks.
First, here's hoping your hat is white!
Every terminal shell writes to .*sh_history independently, and if two are active at once, the file may not show all the commands of both. You might set up the .bashrc so every login gets a fresh history file named with date-time, tty and pid. And even then, anything they put in a script is not recorded, nor if they move over to ksh/csh/tcsh/sh shell, or cat -u|bash to simulate a script. Finally, these files roll over at $HISTSIZE.
First, you want to not use the shell or history file they are using, so you do not mix your history.
You can truss/tusc their bash pid and see all too much detail, if you have it or something similar. These commands give you all kernel calls, even if the app is already running and you do not have the source.
There may be network or terminal ways to watch their interactions.
Man Page for bash (Linux Section 0) - The UNIX and Linux Forums
HISTCONTROL
A colon-separated list of values controlling how commands are
saved on the history list. If the list of values includes
ignorespace, lines which begin with a space character are not
saved in the history list. A value of ignoredups causes lines
matching the previous history entry to not be saved. A value of
ignoreboth is shorthand for ignorespace and ignoredups. A value
of erasedups causes all previous lines matching the current line
to be removed from the history list before that line is saved.
Any value not in the above list is ignored. If HISTCONTROL is
unset, or does not include a valid value, all lines read by the
shell parser are saved on the history list, subject to the value
of HISTIGNORE. The second and subsequent lines of a multi-line
compound command are not tested, and are added to the history
regardless of the value of HISTCONTROL.
HISTFILE
The name of the file in which command history is saved (see HISTORY
below). The default value is ~/.bash_history. If unset,
the command history is not saved when an interactive shell
exits.
HISTFILESIZE
The maximum number of lines contained in the history file. When
this variable is assigned a value, the history file is truncated,
if necessary, by removing the oldest entries, to contain
no more than that number of lines. The default value is 500.
The history file is also truncated to this size after writing it
when an interactive shell exits.
HISTIGNORE
A colon-separated list of patterns used to decide which command
lines should be saved on the history list. Each pattern is
anchored at the beginning of the line and must match the complete
line (no implicit `*' is appended). Each pattern is
tested against the line after the checks specified by HISTCONTROL
are applied. In addition to the normal shell pattern
matching characters, `&' matches the previous history line. `&'
may be escaped using a backslash; the backslash is removed
before attempting a match. The second and subsequent lines of a
multi-line compound command are not tested, and are added to the
history regardless of the value of HISTIGNORE.
HISTSIZE
The number of commands to remember in the command history (see
HISTORY below). The default value is 500.
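
The per-login history file suggested in the answer above (named with date-time, tty and pid), as an added example that is not part of the original thread. The directory `~/.bash_history.d` and the names `HIST_DIR`, `session_histfile` and `setup_session_history` are assumptions made for illustration; the snippet is meant to be sourced from root's .bashrc.

```shell
# Added example: one history file per login session. All names are hypothetical.
HIST_DIR="${HIST_DIR:-$HOME/.bash_history.d}"

# Build "<dir>/<timestamp>_<tty>_<pid>" from: $1=dir $2=tty path $3=pid $4=timestamp
session_histfile() {
    local dir="$1" term="$2" pid="$3" stamp="$4"
    # /dev/pts/3 -> pts-3, so the tty is usable inside a file name
    term=$(printf '%s' "${term#/dev/}" | tr '/' '-')
    [ -n "$term" ] || term=notty
    printf '%s/%s_%s_%s\n' "$dir" "$stamp" "$term" "$pid"
}

setup_session_history() {
    local term
    term=$(tty 2>/dev/null) || term=notty      # tty fails when stdin is not a terminal
    mkdir -p "$HIST_DIR" && chmod 700 "$HIST_DIR" || return 1
    HISTFILE=$(session_histfile "$HIST_DIR" "$term" "$$" "$(date +%Y%m%d-%H%M%S)")
    HISTTIMEFORMAT='%F %T '                     # store a timestamp with each entry
    HISTCONTROL=                                # no ignorespace/ignoredups filtering
    HISTIGNORE=                                 # no pattern-based filtering
    HISTSIZE=100000                             # keep a long session from rolling over
    HISTFILESIZE=100000
    shopt -s histappend
    # Flush each command to the file as it is entered instead of at logout,
    # so the file can be read from another terminal while the session is live.
    PROMPT_COMMAND="history -a${PROMPT_COMMAND:+; $PROMPT_COMMAND}"
}

# Only interactive shells keep history; do nothing when run as a script.
case $- in
    *i*) setup_session_history ;;
esac
```

As the answer notes, commands run from a script or after switching to another shell still do not appear in these files.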