nixCraft Linux Forum

nixCraft

Linux Tech Support Forum

See what commands have been run on your Linux server

This is a discussion on See what commands have been run on your Linux server within the Getting started tutorials forums, part of the Linux Getting Started category; It is really, a simple job, all you have to do is type history command to display the history of ...


Go Back   nixCraft Linux Forum > Linux Getting Started > Getting started tutorials

See what commands have been run on your Linux server See what commands have been run on your Linux server

Register FAQ Members List Calendar Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 04-17-2006, 04:10 PM
sweta's Avatar
Contributors
User
  
Join Date: Feb 2005
Location: New Delhi
My distro: Suse, RHEL, Vista
Posts: 152
Rep Power: 4
sweta will become famous soon enough
Default See what commands have been run on your Linux server
It is really, a simple job, all you have to do is type history command to display the history of commands:

Code:
history
history | less
Hope this helps some newbie out there
__________________
Friends - v-nessa - missyAdmin
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 12-07-2007, 11:31 AM
Junior Member
User
  
Join Date: Dec 2007
My distro: Debian
Posts: 12
Rep Power: 0
virendra is on a distinguished road
Default
#history

is the command to see all the commands enter by the terminal

it is stored in

/root/.bash_history file
for user root

and similarly for other users
in their home directory
Reply With Quote
  #3 (permalink)  
Old 12-08-2007, 09:09 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
My distro: Debian GNU/Linux
Posts: 482
Rep Power: 5
monk will become famous soon enough monk will become famous soon enough
Default
keep in mind that smart user can delete history file or just link it back to /dev/null, a better way is to configure process and command auditing

How to keep a detailed audit trail of what’s being done on your Linux systems
__________________
May the force with you!
Reply With Quote
  #4 (permalink)  
Old 03-24-2008, 04:38 PM
Member
User
  
Join Date: Mar 2008
My distro: Debian, Slackware, LFS
Posts: 83
Rep Power: 1
Tux-Idiot is on a distinguished road
Default
Quote:
Originally Posted by monk View Post
keep in mind that smart user can delete history file or just link it back to /dev/null, a better way is to configure process and command auditing

How to keep a detailed audit trail of what’s being done on your Linux systems
joe@localpub# cat >> .bashrc << EOF
EXPORT REMP="ping -c 10 IP.ADD.RE.SS"
EOF
joe@localpub# source .bashrc

i grep from the ICMP/IPtables log who has pinged me 10 times. i dont even appear in your .bash_history or parse the ping -c 10 IP.ADD.RE.SS from egress traffic log at startup/shutdown. now you audit. :-p
Reply With Quote
  #5 (permalink)  
Old 04-29-2008, 06:00 PM
Junior Member
User
  
Join Date: Apr 2008
My distro: Fedora
Posts: 20
Rep Power: 0
RamPD is on a distinguished road
Default
also you can use
#history | more
Reply With Quote
  #6 (permalink)  
Old 04-30-2008, 03:38 AM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
My distro: Debian GNU/Linux
Posts: 482
Rep Power: 5
monk will become famous soon enough monk will become famous soon enough
Default
Quote:
Originally Posted by Tux-Idiot View Post
joe@localpub# cat >> .bashrc << EOF
EXPORT REMP="ping -c 10 IP.ADD.RE.SS"
EOF
joe@localpub# source .bashrc

i grep from the ICMP/IPtables log who has pinged me 10 times. i dont even appear in your .bash_history or parse the ping -c 10 IP.ADD.RE.SS from egress traffic log at startup/shutdown. now you audit. :-p
Yes i'm going to audit you. I don't think so your command going to run. You are just creating a variable and that too with capital EXPORT which will result into an error:
Code:
EXPORT: command not found
If you replace with following, it will just export REMP but it will not ping anywhere
Code:
export REMP="ping -c 10 google.com"
and whe your command get executed it will get audited 100% here is output:
Code:
lastcomm monk
Audited event
Code:
ping             S     monk    stderr     0.00 secs Wed Apr 30 03:36
__________________
May the force with you!
Reply With Quote
Reply

Bookmarks

Tags
command , history , linux , track commands , track user

« Setting Samba to Bind to an ADS Domain | Informatica_instalation_linux »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads

Thread Thread Starter Forum Replies Last Post
How to monitor RSH commands mformit Solaris/OpenSolaris 0 04-11-2008 09:44 PM
basic commands? seshaionline Getting started tutorials 7 03-24-2008 11:30 PM
Log all SSH commands at ssh-client abhijith Getting started tutorials 4 11-24-2007 10:17 PM
Linux find subnet mask commands chiku Linux software 1 12-06-2006 02:28 AM
linux commands write protect attributes Linux software 0 01-17-2006 04:52 PM


All times are GMT +5.5. The time now is 11:20 AM.

Contact Us - Linux answers from nixCraft - Archive - Top

Powered by vBulletin® Version 3.7.3 - Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.2.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36