| 1 |
On September 12, 2018 5:05:21 PM UTC, Grant Taylor <gtaylor@×××××××××××××××××××××.net> wrote: |
| 2 |
>On 09/12/2018 09:59 AM, J. Roeleveld wrote: |
| 3 |
>> This piqued my interest and decided to google a little bit. Found |
| 4 |
>the |
| 5 |
>> following, which might help: |
| 6 |
>> |
| 7 |
>> |
| 8 |
>https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server |
| 9 |
> |
| 10 |
>I would not want to rely on the PROMPT_COMMAND environment variable. |
| 11 |
> |
| 12 |
>1) It's a user setting, which means users should be able to change it. |
| 13 |
>2) Protecting it (setting it read only) will likely annoy users. (I |
| 14 |
>know many that have used the PROMPT_COMMAND for their own uses.) |
| 15 |
>3) It's still possible to start another shell that does not have the |
| 16 |
>PROMPT_COMMAND set to what you want. |
| 17 |
|
| 18 |
Mentioned this as well. :) |
| 19 |
It works if the user wants this to work. From what I understand, the customer of OP wants the record. Which means I would expect OP not to try to get out of it. |
| 20 |
|
| 21 |
>> Same method is described in: |
| 22 |
>> |
| 23 |
>> |
| 24 |
>https://serverfault.com/questions/323270/how-can-i-make-bash-to-log-shell-commands-to-syslog |
| 25 |
> |
| 26 |
>Same issues as above. |
| 27 |
> |
| 28 |
>> This will help if all you do is working within bash. If you switch to |
| 29 |
> |
| 30 |
>> a different shell or run scripts, the logging obviously fails. |
| 31 |
> |
| 32 |
>Yep. This is one of the primary problems with relying on anything that |
| 33 |
> |
| 34 |
>is traditionally user controllable. |
| 35 |
> |
| 36 |
>> Another method might be: https://www.linuxjournal.com/article/6144 |
| 37 |
> |
| 38 |
>I've never messed with process accounting. Does it actually record the |
| 39 |
> |
| 40 |
>details that the OP wants? |
| 41 |
> |
| 42 |
>I thought (naively assumed?) that process accounting was more for |
| 43 |
>tracking computer resource consumption, primarily for billing and / or |
| 44 |
>rate limiting. |
| 45 |
|
| 46 |
From what I read, it records user, processname and other statistics. I would assume this would cover more than what OP requested. It also would record script contents. |
| 47 |
But not sure if it would also record full commandlines and I/O actions. |
| 48 |
|
| 49 |
|
| 50 |
>> This is an older document, but might still be made to work as it uses |
| 51 |
> |
| 52 |
>> "process accounting" which is still in the kernel afaik. |
| 53 |
> |
| 54 |
>I've seen hints of process accounting in relatively modern kernels. |
| 55 |
|
| 56 |
|
| 57 |
Same here |
| 58 |
|
| 59 |
|
| 60 |
-- |
| 61 |
Sent from my Android device with K-9 Mail. Please excuse my brevity. |
Archives