I need to follow best practice for logging daily root login activity as well as commands executed as root user. What is the recommended method? We are implementing tighter security on one of our Prod Enterprise Linux boxes.
set | grep -i history
Run this command while logged in as root and it will show where the Linux command line history is being stored for the bash shell or Korn shell.
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
36 years Bell, AT&T, Lucent, Avaya
Tier 3 for 26 years and counting
Thanks for the comment. The "set | grep -i history" command lists the history file location and I am able to see the commands within the history file. I need to take it a step further by listing which user runs which commands as root (also timestamps if possible).
If they use sudo, it'll be in /var/log/secure. If they "sudo su -", then you won't see the commands that they run, just that they became root. Once they've su'd to root, the commands are in root's history file, but that won't indicate the user.
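The distinction drawn in the reply above, as an added example that is not part of the original thread: a small report over sudo entries in the /var/log/secure format that lists who ran what as root and when, and marks entries where the user obtained a root shell (after which commands go only to root's history file). The sample lines, host name and user names are constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sample lines in the /var/log/secure syslog format (not from a real host).
sample_secure_log() {
cat <<'EOF'
Mar  4 09:15:02 prodbox sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart httpd
Mar  4 09:20:41 prodbox sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
Mar  4 09:22:10 prodbox sshd[2211]: Accepted publickey for carol from 192.0.2.10 port 50122 ssh2
Mar  4 09:30:05 prodbox sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Mar  4 09:31:00 prodbox sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=apache ; COMMAND=/usr/bin/id
EOF
}

# Reads syslog lines on stdin and prints "timestamp|user|kind|command" for each
# sudo command executed as root. kind=SHELL means the user was handed a root
# shell, so whatever they ran next is only in root's history, unattributed.
root_sudo_report() {
  awk '
    match($0, / sudo(\[[0-9]+\])?: +/) && /USER=root ;/ && /COMMAND=/ {
      rest = substr($0, RSTART + RLENGTH)
      # Assumption: executed commands are logged as "user : TTY=...";
      # denied or failed attempts carry a message before TTY= and are skipped.
      if (rest !~ /^[^ ]+ : TTY=/) next
      ts = $1 " " $2 " " $3
      user = rest
      sub(/ :.*/, "", user)
      cmd = substr($0, index($0, "COMMAND=") + 8)
      split(cmd, words, " ")
      n = split(words[1], parts, "/")
      prog = parts[n]
      kind = (prog ~ /^(su|bash|sh|ksh|zsh)$/) ? "SHELL" : "CMD"
      print ts "|" user "|" kind "|" cmd
    }'
}

# Demo on the constructed sample; on a real host: root_sudo_report < /var/log/secure
sample_secure_log | root_sudo_report
```
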