timestamp in ~/.sh_history ?

[ogniemi]

Is there any sure way to have timestamp (for example: every 10 commands) stored in history file?

regards,m.

 

[bimux]

I think what you want is to keep a copy of the history file and indicate timestamp. the history file has a limited number of line it remembers ...

I would setup a cron job which would copy the history file, add a time value and append the whole thing to a file you will keep for the record. This could be triggered if the history file changed or not.
You also may want to get some other files which would indicate who was logged in at the time, etc.

Hope this helps.

 

[sbix]

An "almost solution" could be to set different .sh_history for each connection from the same host for the same user, then insert a "date >> $HISTFILE" at the end of .profile
The HISTFILE name could reflect the line name and the login time, so you can keep track of each command ran from a single connection.
Keep in mind you have to protect the .profile file to be altered by the user

 

[sbix]

Furthermore ... nothing can preserve the .sh_history file by a malicious user ...

 

[Ogzilal]

Hi,
.sh_history file is not a plain text file. It has some proprietary format so you can't write directly to that file.

see the display of file command

# file .sh_history
.sh_history: Ultrix-11 Stand-alone or boot executable
# file .profile
.profile: data or International Language text

All what you can do is write a script that :
1) runs forever
2) sleep some number of seconds
3) wake up an save the .sh_history file to a sh_hit.$(date)
4) sleeps again
etc...

 

[sbix]

Sorry aau ... but appending something to .sh_history file by issuing a "date >> .sh_history" it's exactly what I did .... I have the reuslt of a tail .sh_history behind my eyes .... ))

 

[Ogzilal]

Hi sbix,
Maybe tail can work, but try to add dates at some intervals and then grep them in that file and tell me what you see!

 

[unixfreak]

I have only ever seen plain text .sh_history files.

Cheers

 

[sbix]

Sorry aau ... I did further test ... it works!!!
I did the following
echo "\n"`date`"\n" >> .sh_history
command
command
command
echo "\n"`date`"\n" >> .sh_history
grep NFT .sh_history
The result was:
Mon Dec 1 15:58:41 NFT 2003
Mon Dec 1 15:58:55 NFT 2003

 

[Ogzilal]

Re-Hi sbix
Are we using the same os
# oslevel -r
4330-10

Now we are sure you have some echo and date commands in your .sh_history.
grep "echo" .sh_history
grep "date" .sh_history

 

[sbix]

Hi aau another time
You can do it ... with some little modifications:

cat .sh_history|tr -d "\000" |grep date

)))))))))))))

we are using same OS

 

[bi]

aau, I get the same output you do for .sh_history (Ultrix-11 Stand-alone or boot executable) on a system with 5.2.

But I agree with unixfreak: I have never ever seen .sh_history be other than a text file. (You may occasionally get some weird looking characters, but I've always thought it was because of backspacing. Just a guess, but it's not really important.

Looks like a bug for the file command. On other flavors of Unix, I get either "commands text" or "ascii text".

 

[sbix]

Hi bi,
I tried to issue the following command:
cat .sh_history|od -x |head
I saw the records seem separated by a couple of HEX(00) bytes, this is the reason way I striped out them

 

[Ogzilal]

Hi;
the only way I have found to grep something in .sh_history is discarding non printable chars( print them but not treat) this way:

cat -v .sh_history|grep "some command"

 

[sbix]

Hi aau,
for a more readable output you can do something like:
cat -v .sh_history|sed 's/\^[@-Z]//g' |grep "some command"

 

[Ogzilal]

Thank you sbix,
It's less sade with a little sed.

 

[ogniemi]

Hello,
I have a "xlC.aix50.rte.6.0.0.9" in the AIXs 5.2 but every time I check fixes status with IBM site (via Fix Central:

http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp)

it lists following updates for my systems:

Fileset name Protocol Info file Byte count
xlC.aix50.rte.6.0.0.0 HTTP FTP Info 18118656
xlopt.aix50.lib.1.3.2.0 HTTP FTP Info 452096
xlopt.tools.1.3.2.0 HTTP FTP Info 1852416


It makes no sense to install xlC.aix50.rte.6.0.0.0 having xlC.aix50.rte.6.0.0.9 so why it generates the list?


# lslpp -l xlC.aix50.rte.6.0.0.0
lslpp: 0504-132 Fileset xlC.aix50.rte.6.0.0.0 not installed.
# lslpp -l xlC.*
Fileset Level State Description
----------------------------------------------------------------------------
Path: /usr/lib/objrepos
xlC.aix50.rte 6.0.0.9 COMMITTED C Set ++ Runtime for AIX 5.0
xlC.cpp 5.0.2.0 COMMITTED C for AIX Preprocessor
xlC.msg.en_US.cpp 5.0.2.0 COMMITTED C for AIX Preprocessor
Messages--U.S. English
xlC.msg.en_US.rte 6.0.0.0 COMMITTED C Set ++ Runtime
Messages--U.S. English
xlC.rte 6.0.0.0 COMMITTED C Set ++ Runtime
# grep xlC /tmp/lslpp.txt
xlC.aix50:xlC.aix50.rte:6.0.0.9: : :C:F:C Set ++ Runtime for AIX 5.0: : : : : : :0:0:
xlC.cpp:xlC.cpp:5.0.2.0: : :C: :C for AIX Preprocessor: : : : : : :1:0:
xlC.msg.en_US.cpp:xlC.msg.en_US.cpp:5.0.2.0: : :C: :C for AIX Preprocessor Messages--U.S. English: : : : : : :1:0:
xlC.msg.en_US:xlC.msg.en_US.rte:6.0.0.0: : :C: :C Set ++ Runtime Messages--U.S. English: : : : : : :1:0:
xlC.rte:xlC.rte:6.0.0.0: : :C: :C Set ++ Runtime: : : : : : :1:0:
#
# lppchk -v
#
txh in advance for any answer,
regards,m.

 

[ogniemi]

sorry for above message - put by mistake.

 

[jpetitt1]

I use the following in my .kshrc file...

if [[ $- = *i* ]]
then
print -s "# $(who am i |xargs) logging in $(date)"
trap 'print -s "# $(who am i |xargs) logging out $(date)"' EXIT
fi


Also I execute a perl script once an hour as root to see if any .sh_history files have changed in the last hour and print a timestamp (if it has changed) with something like...

#!/usr/bin/perl
.
.
print OUTPUT "\t\t####$date \n\0" ;
.
.


I use "#" in the print commands to prevent the entry from being recalled and executed by accident. It also makes it easy to see when looking at the HISTFILE.