nixCraft Linux Forum

nixCraft

Linux / UNIX Tech Support Forum

See what commands have been run on your Linux server

This is a discussion on See what commands have been run on your Linux server within the Getting started tutorials forums, part of the Linux Getting Started category; It is really, a simple job, all you have to do is type history command to display the history of ...

Go Back   nixCraft Linux Forum > Linux Getting Started > Getting started tutorials

See what commands have been run on your Linux server See what commands have been run on your Linux server

Linux answers from nixCraft.

Register FAQ Members List Social Groups Calendar Forgotten your password? Mark Forums Read

Getting started tutorials So much to read, so little time! If that is your problem, we have solution. Read our FAQ and tutorials to help you cut through the clutter of information overload. Only members of "contributors" group can post new tutorials. Other members can just reply to thread.

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 17-04-2006, 04:10 PM
sweta's Avatar
Contributors
User
  
Join Date: Feb 2005
Location: New Delhi
OS: Suse, RHEL, Vista
Posts: 199
Thanks: 12
Thanked 9 Times in 9 Posts
Rep Power: 7
sweta has a spectacular aura about sweta has a spectacular aura about
Default See what commands have been run on your Linux server
It is really, a simple job, all you have to do is type history command to display the history of commands:

Code:
history
history | less
Hope this helps some newbie out there
__________________
Reply With Quote
  #2 (permalink)  
Old 07-12-2007, 11:31 AM
Junior Member
User
  
Join Date: Dec 2007
OS: Debian
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
virendra is on a distinguished road
Default
#history

is the command to see all the commands enter by the terminal

it is stored in

/root/.bash_history file
for user root

and similarly for other users
in their home directory
Reply With Quote
  #3 (permalink)  
Old 08-12-2007, 09:09 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
OS: Debian GNU/Linux
Posts: 506
Thanks: 0
Thanked 8 Times in 6 Posts
Rep Power: 7
monk has a spectacular aura about monk has a spectacular aura about
Default
keep in mind that smart user can delete history file or just link it back to /dev/null, a better way is to configure process and command auditing

How to keep a detailed audit trail of what’s being done on your Linux systems
__________________
May the force with you!
Reply With Quote
  #4 (permalink)  
Old 24-03-2008, 04:38 PM
Member
User
  
Join Date: Mar 2008
OS: Debian, Slackware, LFS
Posts: 82
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 2
Tux-Idiot is on a distinguished road
Default
Quote:
Originally Posted by monk View Post
keep in mind that smart user can delete history file or just link it back to /dev/null, a better way is to configure process and command auditing

How to keep a detailed audit trail of what’s being done on your Linux systems
joe@localpub# cat >> .bashrc << EOF
EXPORT REMP="ping -c 10 IP.ADD.RE.SS"
EOF
joe@localpub# source .bashrc

i grep from the ICMP/IPtables log who has pinged me 10 times. i dont even appear in your .bash_history or parse the ping -c 10 IP.ADD.RE.SS from egress traffic log at startup/shutdown. now you audit. :-p
Reply With Quote
  #5 (permalink)  
Old 29-04-2008, 06:00 PM
Junior Member
User
  
Join Date: Apr 2008
OS: Fedora
Posts: 24
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
RamPD is on a distinguished road
Default
also you can use
#history | more
Reply With Quote
  #6 (permalink)  
Old 30-04-2008, 03:38 AM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
OS: Debian GNU/Linux
Posts: 506
Thanks: 0
Thanked 8 Times in 6 Posts
Rep Power: 7
monk has a spectacular aura about monk has a spectacular aura about
Default
Quote:
Originally Posted by Tux-Idiot View Post
joe@localpub# cat >> .bashrc << EOF
EXPORT REMP="ping -c 10 IP.ADD.RE.SS"
EOF
joe@localpub# source .bashrc

i grep from the ICMP/IPtables log who has pinged me 10 times. i dont even appear in your .bash_history or parse the ping -c 10 IP.ADD.RE.SS from egress traffic log at startup/shutdown. now you audit. :-p
Yes i'm going to audit you. I don't think so your command going to run. You are just creating a variable and that too with capital EXPORT which will result into an error:
Code:
EXPORT: command not found
If you replace with following, it will just export REMP but it will not ping anywhere
Code:
export REMP="ping -c 10 google.com"
and whe your command get executed it will get audited 100% here is output:
Code:
lastcomm monk
Audited event
Code:
ping             S     monk    stderr     0.00 secs Wed Apr 30 03:36
__________________
May the force with you!
Reply With Quote
Reply

Tags
command , history , linux , track commands , track user

« Setting Samba to Bind to an ADS Domain | Informatica_instalation_linux »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads

Thread Thread Starter Forum Replies Last Post
How to monitor RSH commands mformit Solaris/OpenSolaris 0 11-04-2008 09:44 PM
basic commands? seshaionline Getting started tutorials 7 24-03-2008 11:30 PM
Log all SSH commands at ssh-client abhijith Getting started tutorials 4 24-11-2007 10:17 PM
Linux find subnet mask commands chiku Linux software 1 06-12-2006 02:28 AM
linux commands write protect attributes Linux software 0 17-01-2006 04:52 PM


All times are GMT +5.5. The time now is 01:52 AM.

Contact Us - nixCraft Home - Archive - Privacy Statement - Terms of Service - Top

Powered by vBulletin® Version 3.8.5 - Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.3.2
©2005-2010 nixCraft. All rights reserved

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38