Link to home
Start Free TrialLog in
Avatar of IKeystone
IKeystoneFlag for United States of America

asked on

User activity on unix account

Hello experts,
I need your help to establish some mechanism to track users activity on specific account

1. All users have personal accounts.
2. They login using ssh from personal account to special one

Here I need to log all history what commands users run on special account with format like below:

UserName (mean from where login was done) -  Command  - Time

Thanks in advance
Avatar of ahoffmann
Flag of Germany image

> UserName (mean from where login was done)
see /var/log/syslog or /var/log/messages or similar
or use commands like: last, lastlog

> Command  - Time
see shell's history file (if enabled)
Avatar of slightwv (䄆 Netminder)
slightwv (䄆 Netminder)

What flavor of Unix?

There is a lot of information out there on user auditing if you look around for your specific Unix.

For example:
Avatar of IKeystone


Guys, you missed the point. Audit user is not a problem. Problem is audit user that login from his personal account to special one. There can be 10 or more users same time on this special account. And I need to know what exactly they doing.
Please explain what you mean by ssh into a special account.
> And I need to know what exactly they doing.
do you mean you want logs like:

  userA - as special account - time - doing
  userB - as special account - time - doing

This is not possible if they are all logged in to that special account at same time.
You better let them use their own personal account and execute the commands they need using sudo or ssh configured for commands.
Hello ahoffmann,
You are totally right. It should be like

UserA - time- -doing-
UserB - time- -doing-
UserC - time- -doing-

This special account configured and using for builds and allow parallel  usage. Personal account using for different things like development, private builds, etc.
I can trace history of this account, but don't know who run command and when. That is a biggest challenge.

Do you know some way to have different .sh_history files ?
Like each user login to the special account will create his own history file ?

.sh_history.UserA .sh_history.UserB .....
bash, ksh,pdksh, zsh:
  use environment variable HISTFILE

csh and tcsh:
  use shell variable histfile

set these variables according $USER in your login-rc file
Avatar of madunix

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
> .. this expects all users use "su - <username>", if they login directly there is no way to track.
hmm, how does this solve the requirement from the question:
  > 2. They login using ssh