We help IT Professionals succeed at work.

User activity on unix account

IKeystone
IKeystone asked
on
875 Views
Last Modified: 2012-06-27
Hello experts,
I need your help to establish some mechanism to track users activity on specific account

1. All users have personal accounts.
2. They login using ssh from personal account to special one

Here I need to log all history what commands users run on special account with format like below:

UserName (mean from where login was done) -  Command  - Time

Thanks in advance
Comment
Watch Question

> UserName (mean from where login was done)
see /var/log/syslog or /var/log/messages or similar
or use commands like: last, lastlog

> Command  - Time
see shell's history file (if enabled)
CERTIFIED EXPERT
Most Valuable Expert 2012
Distinguished Expert 2019

Commented:
What flavor of Unix?

There is a lot of information out there on user auditing if you look around for your specific Unix.

For example:
http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html
http://www.observeit-sys.com/Products/UnixAuditingTips

Author

Commented:
Guys, you missed the point. Audit user is not a problem. Problem is audit user that login from his personal account to special one. There can be 10 or more users same time on this special account. And I need to know what exactly they doing.
CERTIFIED EXPERT
Most Valuable Expert 2012
Distinguished Expert 2019

Commented:
Please explain what you mean by ssh into a special account.
> And I need to know what exactly they doing.
do you mean you want logs like:

  userA - as special account - time - doing
  userB - as special account - time - doing
  ...

This is not possible if they are all logged in to that special account at same time.
You better let them use their own personal account and execute the commands they need using sudo or ssh configured for commands.

Author

Commented:
Hello ahoffmann,
You are totally right. It should be like

UserA - time- -doing-
UserB - time- -doing-
UserC - time- -doing-

This special account configured and using for builds and allow parallel  usage. Personal account using for different things like development, private builds, etc.
I can trace history of this account, but don't know who run command and when. That is a biggest challenge.

Do you know some way to have different .sh_history files ?
Like each user login to the special account will create his own history file ?

.sh_history.UserA .sh_history.UserB .....
bash, ksh,pdksh, zsh:
  use environment variable HISTFILE

csh and tcsh:
  use shell variable histfile

set these variables according $USER in your login-rc file
Executive IT Director, (EE MVE)
CERTIFIED EXPERT
Most Valuable Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
> .. this expects all users use "su - <username>", if they login directly there is no way to track.
hmm, how does this solve the requirement from the question:
  > 2. They login using ssh
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.