On Tuesday 13 April 2010 14:36:45 Matt Lawrence wrote: > On Tue, 13 Apr 2010, Aleksey Tsalolikhin wrote: > > You might want to look into process accounting - this way you'll have > > a record of > > all processes, including any commands ran. Might be too much data for > > you to sift through... > > Yeah, that would be way too much. This isn't a situation where there is a > problem with a malicious user, just one that did something to cause the > system to misbehave and can't remember exactly what. Command line logging > with a timestamp is quite adequate for this situation.
If you do: export HISTTIMEFORMAT="%F %T - " When you run the history command, you will get a timestamp. (you can change the format, see man date). But then you could run into the problem of multiple shells and which one gets written to the .bash_history when the accounts log out. I'd recommend adding this to the /etc/profile or /etc/bashrc so it will get picked up automatically each time someone logs in. You could probably do something neat with HISTFILE, like export HISTFILE="/var/log/history/`whoami`/history.`date +"%F-%T`.log" Which might make a new history log for each person, for each day and time they logged in at. (This is untested, use at own risk, should make the proper permissions for the directory). See the bash man page for more details Regards, Andrew _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
