Link to home
Create AccountLog in
Avatar of rares_dumitrescu
rares_dumitrescu

asked on

surveillance

hello, i want to create somethink like a surveillance, to show me users that make the command who. I want to make that in bash language or sh
Avatar of xDamox
xDamox
Flag of United Kingdom of Great Britain and Northern Ireland image

Hi,

To see what commands a user has enter you can check the .bash_histroy

I would recommend you change this file to append only as it will stop the user clearing his/her
tracks. As root you could type:

chattr +a /home/<username>/.bash_histroy

Every now and they you could just look at the .bash_history to see what they have done.
Avatar of rares_dumitrescu
rares_dumitrescu

ASKER

I want that all users to be monitored.
Avatar of omarfarid
Hi,

if you are using bash / ksh / csh, then you may do the following:

1- The above shells support aliases. So, you may add the following alias to the users env.

alias who='echo who >> /tmp/who.log ; who'

2- you may run wc -l /tmp/who.log

Each user that will run who, will append one line to the log file. wc -l will give you count of these lines that reflects the number of times the command was used.
Additionally you can make a script to read all user's bash history and present it in a file with common commands filtered out . awk will be the best way to do it. add this entry to crontab and you can easily find the "unusual" commands users are running in one place.
Hi,

Well, how you will distinguish when the command was used. In the previous recommendation, the log file could be rotated / truncated over time intervals to get new counts, but you can not trancate / rotate history files of users since they are using it.
 
Hi,

It seams that I misunderstood the requirement.

The history files are good place, put you need to know that if command history count is set low, then you may miss some of the commands.
ASKER CERTIFIED SOLUTION
Avatar of xDamox
xDamox
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer