IKeystone

asked on

User activity on unix account

Hello experts,
I need your help to establish some mechanism to track users' activity on a specific account.

1. All users have personal accounts.
2. They log in using ssh from their personal account to a special one.

Here I need to log the full history of the commands users run on the special account, in a format like the one below:

UserName (meaning from where the login was done) -  Command  - Time

Thanks in advance
ahoffmann

> UserName (mean from where login was done)
see /var/log/syslog or /var/log/messages or similar
or use commands like: last, lastlog

> Command  - Time
see shell's history file (if enabled)
slightwv (䄆 Netminder)

What flavor of Unix?

There is a lot of information out there on user auditing if you look around for your specific Unix.

For example:
http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html
http://www.observeit-sys.com/Products/UnixAuditingTips
IKeystone (ASKER)

Guys, you missed the point. Auditing a user is not a problem. The problem is auditing a user who logs in from his personal account to the special one. There can be 10 or more users at the same time on this special account. And I need to know what exactly they are doing.

Please explain what you mean by ssh into a special account.

> And I need to know what exactly they doing.
do you mean you want logs like:

  userA - as special account - time - doing
  userB - as special account - time - doing
  ...

This is not possible if they are all logged in to that special account at the same time.
You had better let them use their own personal accounts and execute the commands they need using sudo or ssh configured for commands.

Hello ahoffmann,
You are totally right. It should be like

UserA - time- -doing-
UserB - time- -doing-
UserC - time- -doing-

This special account is configured and used for builds and allows parallel usage. Personal accounts are used for different things like development, private builds, etc.
I can trace the history of this account, but I don't know who ran a command and when. That is the biggest challenge.

Do you know some way to have different .sh_history files?
Like each user logging in to the special account will create his own history file?

.sh_history.UserA .sh_history.UserB .....

bash, ksh, pdksh, zsh:
  use environment variable HISTFILE

csh and tcsh:
  use shell variable histfile

set these variables according to $USER in your login-rc file
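
Added example, not part of the thread: a bash login-rc fragment for the shared account that produces the per-person history files asked about above and renders them in the "UserName - Command - Time" format. On the shared account `$USER` is the shared account's own name, so this sketch assumes the originating name arrives in a hypothetical `REAL_USER` variable, set per key with the `environment=` option in `authorized_keys` (which needs `PermitUserEnvironment` enabled in `sshd_config`); the `audit_*` function names are also made up here.

```shell
# Login-rc fragment for the shared build account (bash). Added example.
# Assumption: every person's line in ~/.ssh/authorized_keys starts with
#   environment="REAL_USER=alice"
# and sshd_config enables PermitUserEnvironment so sshd exports it.
# REAL_USER and the audit_* function names are hypothetical.

# Print the per-person history path, or fail on an unsafe name.
audit_histfile() {            # $1 = originating user, $2 = directory
    case "$1" in
        ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;;   # empty, dotfile, or odd chars
    esac
    printf '%s/.sh_history.%s\n' "$2" "$1"
}

# Call once from the rc file: one timestamped history file per person.
audit_setup() {
    HISTFILE=$(audit_histfile "${REAL_USER:-}" "$HOME") ||
        HISTFILE="$HOME/.sh_history.unknown"
    HISTTIMEFORMAT='%F %T '   # makes bash store "#<epoch>" before each entry
    shopt -s histappend 2>/dev/null || :   # bash only; append, never overwrite
    readonly HISTFILE HISTTIMEFORMAT
}

# Render a history file as "UserName - Command - Time" (time = epoch seconds).
# Continuation lines of a multi-line command carry no stamp and show "unknown".
audit_report() {              # $1 = originating user, $2 = history file
    awk -v user="$1" '
        /^#[0-9]+$/ { ts = substr($0, 2); next }
        { printf "%s - %s - %s\n", user, $0, (ts == "" ? "unknown" : ts); ts = "" }
    ' "$2"
}

# Constructed sample: two entries as bash would store them for "alice".
audit_demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '#1700000000' 'make clean' '#1700000060' 'make all' > "$f"
    audit_report alice "$f"
    rm -f "$f"
}
```

Everyone on the shared account runs under the same UID, so any of them can edit or bypass these files; treat them as a convenience record and rely on the sudo or process-accounting approaches mentioned in the thread where tamper resistance matters.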
ASKER CERTIFIED SOLUTION
madunix

This solution is only available to members.

> .. this expects all users use "su - <username>", if they login directly there is no way to track.
hmm, how does this solve the requirement from the question:
  > 2. They login using ssh