| 1 |
On 09/12/2018 09:59 AM, J. Roeleveld wrote: |
| 2 |
> This piqued my interest and decided to google a little bit. Found the |
| 3 |
> following, which might help: |
| 4 |
> |
| 5 |
> https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server |
| 6 |
|
| 7 |
I would not want to rely on the PROMPT_COMMAND environment variable. |
| 8 |
|
| 9 |
1) It's a user setting, which means users should be able to change it. |
| 10 |
2) Protecting it (setting it read only) will likely annoy users. (I |
| 11 |
know many that have used the PROMPT_COMMAND for their own uses.) |
| 12 |
3) It's still possible to start another shell that does not have the |
| 13 |
PROMPT_COMMAND set to what you want. |
| 14 |
|
| 15 |
> Same method is described in: |
| 16 |
> |
| 17 |
> https://serverfault.com/questions/323270/how-can-i-make-bash-to-log-shell-commands-to-syslog |
| 18 |
|
| 19 |
Same issues as above. |
| 20 |
|
| 21 |
> This will help if all you do is working within bash. If you switch to |
| 22 |
> a different shell or run scripts, the logging obviously fails. |
| 23 |
|
| 24 |
Yep. This is one of the primary problems with relying on anything that |
| 25 |
is traditionally user controllable. |
| 26 |
|
| 27 |
> Another method might be: https://www.linuxjournal.com/article/6144 |
| 28 |
|
| 29 |
I've never messed with process accounting. Does it actually record the |
| 30 |
details that the OP wants? |
| 31 |
|
| 32 |
I thought (naively assumed?) that process accounting was more for |
| 33 |
tracking computer resource consumption, primarily for billing and / or |
| 34 |
rate limiting. |
| 35 |
|
| 36 |
> This is an older document, but might still be made to work as it uses |
| 37 |
> "process accounting" which is still in the kernel afaik. |
| 38 |
|
| 39 |
I've seen hints of process accounting in relatively modern kernels. |
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
-- |
| 44 |
Grant. . . . |
| 45 |
unix || die |
Archives