| 1 |
>Is there a tool or a way of keeping track of which commands user's are |
| 2 |
>executing on a system? |
| 3 |
|
| 4 |
There is a .bash_history file in user's home folders. It contains all |
| 5 |
commands executed by this user. |
| 6 |
|
| 7 |
On Wed, Jul 16, 2008 at 7:22 PM, A. Khattri <ajai@××××.net> wrote: |
| 8 |
|
| 9 |
> On Wed, 16 Jul 2008, Richard Marzan wrote: |
| 10 |
> |
| 11 |
> I understand that history files can be wiped out |
| 12 |
>> and they don't really contain the time at which a command and it's |
| 13 |
>> arguments were run so I refrain from relying on it. |
| 14 |
>> |
| 15 |
> |
| 16 |
> On traditional UNIX systems, system accounting logs (usually called acct) |
| 17 |
> can be read via the lastcomm command. Im guessing that the sys-process/acct |
| 18 |
> ebuild will give you those commands. |
| 19 |
> |
| 20 |
> NOTE: You will also need kernel support for process/login accounting - look |
| 21 |
> for "process accounting" in your kernel config and make sure it is switched |
| 22 |
> on. (Natrually, you will need to rebuild your kernel / modules if it isn't |
| 23 |
> switched on and reboot to activate it). |
| 24 |
> |
| 25 |
> |
| 26 |
> UPDATE: I just checked one of my kernels and the config option is called |
| 27 |
> "BSD-style process accouting" - it lives in General Setup when configuring a |
| 28 |
> kernel. |
| 29 |
> |
| 30 |
> |
| 31 |
> -- |
| 32 |
> A |
| 33 |
> -- |
| 34 |
> gentoo-user@l.g.o mailing list |
| 35 |
> |
| 36 |
> |
Archives