1 |
On 09/12/2018 09:59 AM, J. Roeleveld wrote: |
2 |
> This piqued my interest and decided to google a little bit. Found the |
3 |
> following, which might help: |
4 |
> |
5 |
> https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server |
6 |
|
7 |
I would not want to rely on the PROMPT_COMMAND environment variable. |
8 |
|
9 |
1) It's a user setting, which means users should be able to change it. |
10 |
2) Protecting it (setting it read only) will likely annoy users. (I |
11 |
know many that have used the PROMPT_COMMAND for their own uses.) |
12 |
3) It's still possible to start another shell that does not have the |
13 |
PROMPT_COMMAND set to what you want. |
14 |
|
15 |
> Same method is described in: |
16 |
> |
17 |
> https://serverfault.com/questions/323270/how-can-i-make-bash-to-log-shell-commands-to-syslog |
18 |
|
19 |
Same issues as above. |
20 |
|
21 |
> This will help if all you do is working within bash. If you switch to |
22 |
> a different shell or run scripts, the logging obviously fails. |
23 |
|
24 |
Yep. This is one of the primary problems with relying on anything that |
25 |
is traditionally user controllable. |
26 |
|
27 |
> Another method might be: https://www.linuxjournal.com/article/6144 |
28 |
|
29 |
I've never messed with process accounting. Does it actually record the |
30 |
details that the OP wants? |
31 |
|
32 |
I thought (naively assumed?) that process accounting was more for |
33 |
tracking computer resource consumption, primarily for billing and / or |
34 |
rate limiting. |
35 |
|
36 |
> This is an older document, but might still be made to work as it uses |
37 |
> "process accounting" which is still in the kernel afaik. |
38 |
|
39 |
I've seen hints of process accounting in relatively modern kernels. |
40 |
|
41 |
|
42 |
|
43 |
-- |
44 |
Grant. . . . |
45 |
unix || die |