1 |
On Wed, 16 Jul 2008, Richard Marzan wrote: |
2 |
|
3 |
> Is there a tool or a way of keeping track of which commands user's are |
4 |
> executing on a system? I understand that history files can be wiped out |
5 |
> and they don't really contain the time at which a command and it's |
6 |
> arguments were run so I refrain from relying on it. |
7 |
|
8 |
On traditional UNIX systems, system accounting logs (usually called |
9 |
acct) can be read via the lastcomm command. Im guessing that the |
10 |
sys-process/acct ebuild will give you those commands. |
11 |
|
12 |
NOTE: You will also need kernel support for process/login accounting - |
13 |
look for "process accounting" in your kernel config and make sure it is |
14 |
switched on. (Natrually, you will need to rebuild your kernel / modules if |
15 |
it isn't switched on and reboot to activate it). |
16 |
|
17 |
|
18 |
UPDATE: I just checked one of my kernels and the config option is called |
19 |
"BSD-style process accouting" - it lives in General Setup when configuring |
20 |
a kernel. |
21 |
|
22 |
|
23 |
-- |
24 |
A |
25 |
-- |
26 |
gentoo-user@l.g.o mailing list |