I want to know which user executed which command on terminal and when i.e. if any of the user does "rmdir abc" and removes a specific directory , i should know which command he executed and at what time.And i don't want it for a single session, this data should be available to me like we maintain logs, so that i can analyze it for any point of time.
I tried the history command as well and also added time to it but it does not show "Users" of the command and also it is session based ,so it's data does not get appended to ~/.bash_history file unless the session is exited. Also ~/.bash_history does not show time and user so it's not usefull.Can anyone help me please.I just want to see which user executed which command from the moment the system is started and at what time.
You can check commands that executed by users using
sudo vim /home/USER_YOU_WANT_TO_VIEW/.bash_historyFor more you can also check AUTH logs
tail /var/log/auth.log | grep usernametry this similar question : How to see time stamps in bash history?
I guess it is in all users own bash history file. You just need to get list of .bash history files and cat them.
outputs :
than cat it
You can do it in a for loop
You can make a service or edit rc.local file for ubuntu startup with a while loop which backups all users .bash_history in every loop to a secure location so that even if users delete theirs you will be able to check what has been done.