Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
audit/log root login history and commands
- Thread starter jlaw10
- Start date
AvayaTier3
Technical User
set | grep -i history
run this command logged in as root and it will show where the linux command line history is being stored for bash shell or kornshell.
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
36 years Bell, AT&T, Lucent, Avaya
Tier 3 for 26 years and counting
run this command logged in as root and it will show where the linux command line history is being stored for bash shell or kornshell.
A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"
bsh
36 years Bell, AT&T, Lucent, Avaya
Tier 3 for 26 years and counting
- Thread starter
- #3
Thanks for the comment. The "set | grep -i history" command lists the history file location and I am able to see the commands within the history file. I need to take it a step further by listing which user runs which commands as root (also timestamps if possible).
If they use sudo, it'll be in /var/log/secure. If they "sudo su -", then you won't see the commands that they run, just that they became root. Once they've su'd to root, the commands are in root's history file, but that won't indicate the user.
- Status
