1 |
>Is there a tool or a way of keeping track of which commands user's are |
2 |
>executing on a system? |
3 |
|
4 |
There is a .bash_history file in user's home folders. It contains all |
5 |
commands executed by this user. |
6 |
|
7 |
On Wed, Jul 16, 2008 at 7:22 PM, A. Khattri <ajai@××××.net> wrote: |
8 |
|
9 |
> On Wed, 16 Jul 2008, Richard Marzan wrote: |
10 |
> |
11 |
> I understand that history files can be wiped out |
12 |
>> and they don't really contain the time at which a command and it's |
13 |
>> arguments were run so I refrain from relying on it. |
14 |
>> |
15 |
> |
16 |
> On traditional UNIX systems, system accounting logs (usually called acct) |
17 |
> can be read via the lastcomm command. Im guessing that the sys-process/acct |
18 |
> ebuild will give you those commands. |
19 |
> |
20 |
> NOTE: You will also need kernel support for process/login accounting - look |
21 |
> for "process accounting" in your kernel config and make sure it is switched |
22 |
> on. (Natrually, you will need to rebuild your kernel / modules if it isn't |
23 |
> switched on and reboot to activate it). |
24 |
> |
25 |
> |
26 |
> UPDATE: I just checked one of my kernels and the config option is called |
27 |
> "BSD-style process accouting" - it lives in General Setup when configuring a |
28 |
> kernel. |
29 |
> |
30 |
> |
31 |
> -- |
32 |
> A |
33 |
> -- |
34 |
> gentoo-user@l.g.o mailing list |
35 |
> |
36 |
> |