Tuesday, April 30, 2024
41
rated 0 times [  41] [ 0]  / answers: 1 / hits: 101936  / 1 Year ago, sun, may 21, 2023, 1:52:29

Our small company runs an Ubuntu Server 11.10, to which a couple of people have SSH access. The actual terminals are sometimes used, too. How can we locally log all Bash commands run, along with user and time stamp?



We can assume that no-one is nefarious and actively trying to avoid the logging, but we'd still prefer the users not to have direct write-access to their log files. Simultaneous sessions must be handled correctly.



 Answers
2

For BASH shells, edit the system-wide BASH runtime config file:



sudo -e /etc/bash.bashrc


Append to the end of that file:



export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'


Set up logging for "local6" with a new file:



sudo -e /etc/rsyslog.d/bash.conf


And the contents...



local6.*    /var/log/commands.log


Restart rsyslog:



sudo service rsyslog restart


Log out. Log in. Voila!



But I forgot about log rotation:



sudo -e /etc/logrotate.d/rsyslog


There is a list of log files to rotate the same way...



/var/log/mail.warn
/var/log/mail.err
[...]
/var/log/messages


So add the new bash-commands log file in that list:



/var/log/commands.log


Save.


[#41082] Tuesday, May 23, 2023
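
Added example, not part of the answer above: a small shell parser for the lines that PROMPT_COMMAND hook writes to /var/log/commands.log, grouping them by user and shell PID so that simultaneous sessions stay separate. It assumes rsyslog's traditional file format and logger's default tag (the login name); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Assumed line layout (rsyslog traditional file format, logger's default tag):
#   Mon DD HH:MM:SS host tag: user [shell-pid]: command [exit-status]

# Constructed sample data: two simultaneous sessions for alice, one for bob.
sample_log() {
cat <<'EOF'
May 23 13:52:29 srv01 alice: alice [4211]: ls -la /etc [0]
May 23 13:52:31 srv01 alice: alice [4388]: grep -r "foo  bar" /srv [1]
May 23 13:52:40 srv01 bob: bob [4502]: sudo service rsyslog restart [0]
May 23 13:53:02 srv01 alice: alice [4211]: cat /var/log/commands.log [1]
May 23 13:53:05 srv01 alice: last message repeated 2 times
EOF
}

# Emit: user<TAB>pid<TAB>timestamp<TAB>exit-status<TAB>command
parse_command_log() {
    awk '
    match($0, / [^ ]+ \[[0-9]+\]: /) {
        ts   = $1 " " $2 " " $3
        head = substr($0, RSTART + 1, RLENGTH - 3)   # "user [pid]"
        rest = substr($0, RSTART + RLENGTH)          # "command [rc]"
        if (!match(rest, / \[[0-9]+\]$/)) next       # skip lines without [rc]
        cmd = substr(rest, 1, RSTART - 1)            # keeps inner spacing intact
        rc  = substr(rest, RSTART + 2, RLENGTH - 3)
        split(head, h, " ")
        pid = h[2]; gsub(/[^0-9]/, "", pid)
        printf "%s\t%s\t%s\t%s\t%s\n", h[1], pid, ts, rc, cmd
    }' "$@"
}

# Per session (user + shell PID): commands run and how many exited non-zero.
session_summary() {
    parse_command_log "$@" | awk -F '\t' '
        { key = $1 "\t" $2; n[key]++; if ($4 != 0) bad[key]++ }
        END { for (k in n) printf "%s\t%d\t%d\n", k, n[k], bad[k] + 0 }' | sort
}

# Timeline of one session: session_timeline alice 4211 /var/log/commands.log
session_timeline() {
    user=$1; pid=$2; shift 2
    parse_command_log "$@" | awk -F '\t' -v u="$user" -v p="$pid" \
        '$1 == u && $2 == p { printf "%s [%s] %s\n", $3, $4, $5 }'
}

sample_log | session_summary
```

Each function reads the named log files, or standard input when none are given.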
fectlyole