Save root or user history to check later

by jagbir on April 22, 2008

Sometimes we need a way to automatically save a user’s or root’s activity so that we can check it later. In an environment where the root account is accessible to multiple people, it’s very helpful to know exactly who did what and when. In my case, I found that some files had been changed mysteriously, but I was clueless because more than one user has root access.

To save the activity/history of any user (including root), you need to open the user’s .bash_profile from his home directory.

Here, for instance, I would like to record all commands in a file when a user logs in as root or uses su to become root. The history will be stored in a file named after the date, time and IP address the user came from.

Step 1. Go to root’s home:

$ cd ~

Step 2. You can make a hidden directory so that all history files will be stored there:

$ mkdir .rhistdata

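Step 3. Open .bash_profile and add the following lines:

$ vi .bash_profile
# save root history
export HISTSIZE=3000        # commands kept in memory per session
export HISTFILESIZE=5000    # lines kept in the history file
# one history file per login, named from the date, time and origin host reported by `who am i`
export HISTFILE="/root/.rhistdata/.bash_hist-$(who am i | awk '{print $3 $4 $5 $6}')"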

Save and close the file.

It’s simple. Log in again as root, run a few commands and log out. Log in once more and check that there is a file containing all the commands you ran.
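The three steps above as a snippet for /root/.bash_profile, added here as an example and not the author's own code; the function names hist_name_from_who and setup_session_history are hypothetical. It goes slightly beyond the steps: it keeps only filename-safe characters from the `who am i` output, falls back to a generated name when that output is empty, timestamps each command, and appends to the file instead of overwriting it.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# Turn one line of `who am i` output into a filename-safe session tag.
# Fields 3..NF are the login date/time and, for remote logins, "(origin host)".
hist_name_from_who() {
    _tag=$(printf '%s\n' "$1" |
        awk '{ s = $3; for (i = 4; i <= NF; i++) s = s "_" $i; print s }' |
        tr -d '()' |
        tr -c 'A-Za-z0-9._:\n-' '_')
    # `who am i` prints nothing without a login tty; fall back to time + shell PID.
    [ -n "$_tag" ] || _tag="unknown-$(date +%Y%m%d%H%M%S)-$$"
    printf '%s\n' "$_tag"
}

# Point this shell's history at a per-session file under $1 (default: the
# directory from step 2) using the sizes from step 3.
setup_session_history() {
    _dir=${1:-/root/.rhistdata}
    mkdir -p "$_dir" && chmod 700 "$_dir"
    HISTFILE="$_dir/.bash_hist-$(hist_name_from_who "$(who am i 2>/dev/null)")"
    HISTSIZE=3000
    HISTFILESIZE=5000
    HISTTIMEFORMAT='%F %T '      # bash: store a timestamp with every command
    export HISTFILE HISTSIZE HISTFILESIZE HISTTIMEFORMAT
    # bash only: append on exit instead of overwriting the file
    if command -v shopt >/dev/null 2>&1; then shopt -s histappend; fi
}

# Constructed sample line; prints 2008-04-22_10:15_192.0.2.10
hist_name_from_who 'root pts/0 2008-04-22 10:15 (192.0.2.10)'

# In /root/.bash_profile, call this after the definitions:
# setup_session_history
```

Because root owns and can edit these files, treat them as a convenience record rather than tamper-evident audit data.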
