This post may be useful if you want to keep track of what your users are executing on the server. You can then write custom scripts to alert on any abnormal activity by a user.

Add the following line to /etc/bashrc:

export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

On Ubuntu Server, the file is /etc/bash.bashrc.

Add a rule for the local6 facility to the syslog.conf file:

local6.*                /var/log/cmdlog.log

Restart the rsyslog service.

/etc/init.d/rsyslog restart

On Ubuntu Server:

service rsyslog restart
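
As an example of the kind of custom script mentioned at the top (added here, not part of the original post), the following parses /var/log/cmdlog.log entries and flags a few patterns worth reviewing. It assumes rsyslog's traditional file format with logger's default tag; the rule names, watch patterns and sample lines are constructed for illustration.

```python
import re

# Assumed layout: "<timestamp> <host> <tag>: <user> [<pid>]: <command> [<exit status>]"
# The greedy command group anchors on the LAST "[n]", so brackets inside the
# command itself do not confuse the exit-status field.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s\S+:\s"
    r"(?P<user>\S+)\s\[(?P<pid>\d+)\]:\s(?P<cmd>.*)\s\[(?P<rc>\d+)\]$"
)

# Hypothetical watch rules; tune them for your own environment.
RULES = [
    ("logging-tamper", re.compile(r"\b(PROMPT_COMMAND|HISTFILE|HISTSIZE)\b|history\s+-c")),
    ("log-or-config-touched", re.compile(r"/var/log/cmdlog\.log|/etc/(bash\.)?bashrc|syslog\.conf")),
    ("credential-file", re.compile(r"/etc/(shadow|sudoers)")),
]

# Constructed sample lines, not real log data.
SAMPLE = """\
Mar  3 10:15:02 web01 alice: alice [2314]: ls -la /tmp [0]
Mar  3 10:15:40 web01 bob: bob [2388]: sudo cat /etc/shadow [1]
Mar  3 10:16:05 web01 bob: bob [2388]: unset PROMPT_COMMAND [0]
Mar  3 10:17:11 web01 alice: alice [2314]: echo "[done] [ok]" [0]
"""

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["rc"] = int(rec["rc"])
    return rec

def scan(lines):
    """Return (user, rule, command) tuples for every rule a line triggers."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not produced by the PROMPT_COMMAND hook
        hits = [name for name, rx in RULES if rx.search(rec["cmd"])]
        # A privileged command that exited non-zero is also worth a look.
        if rec["rc"] != 0 and re.match(r"(sudo|su)\b", rec["cmd"]):
            hits.append("failed-privilege")
        alerts += [(rec["user"], h, rec["cmd"]) for h in hits]
    return alerts

if __name__ == "__main__":
    for user, rule, cmd in scan(SAMPLE.splitlines()):
        print(f"{rule:22} {user:8} {cmd}")
```

To run it against the real log, pass `open("/var/log/cmdlog.log")` to `scan()` instead of the sample lines.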

 
