Archive

Archive for January, 2012

Centralizing user shell history files (.sh_history)

Centralizing user shell history files (.sh_history) and enabling Date/Time Stamp on user shell history.

Detail Description of change:

1. Add the following entry to /etc/profile to save all users history file in a central location.
mkdir /var/adm/hist/; chmod 1777 /var/adm/hist/;
export HISTFILE=/etc/hist/.hist-$LOGNAME

##################################################
#User shell history centralization – [14092011-150500]

export HISTSIZE=10000
export HISTFILE=/var/adm/hist/.hist-$LOGNAME
typeset -r HISTSIZE
typeset -r HISTFILE
##################################################

Note:- Use of “typeset” to make those env. variables read-only and to stop being overridden by the users shell startup files.

2. Adding the following entry to /etc/environment to enable Data/Time Stamp on shell history.
EXTENDED_HISTORY=ON

###############
How This Works
###############
Each unix user’s shell history file will be created under “/var/adm/hist/”.

To view any user’s command history:
#su – <username> -c fc -t
============================================================
For bash, the EXTENDED_HISTORY variable is not supported, so you will have to set the HISTTIMEFORMAT variable to something as follows:

# HISTTIMEFORMAT=”%h/%m – %H:%M:%S ”

Now, when you run the history command, you will have the timestamp in bash.
Example:- export EXTENDED_HISTORY=ON; history; fc -t
============================================================

References
http://www.coolcommands.com/index.php?option=com_cc&task=display&id=1184
http://unix.ittoolbox.com/groups/technical-functional/ibm-aix-l/is-there-a-way-we-could-log-all-commands-executed-by-any-users-on-an-aix-server-4363412

============================================================

Following shell session will demonstrate the operation.
root@nim01:/>cd /var/adm/hist/
root@nim01:/var/adm/hist>pwd
/var/adm/hist
root@nim01:/var/adm/hist>ls -a
.              ..             .hist-ibmuser  .hist-root     .hist-sp2280
root@nim01:/var/adm/hist>ls -l .hist-*
-rw——-    1 ibmuser  staff           284 Dec 15 10:06 .hist-ibmuser
-rw——-    1 root     system        60488 Dec 15 10:06 .hist-root
-rw——-    1 sp2280   staff           270 Dec 14 13:05 .hist-sp2280
root@nim01:/var/adm/hist>cd ~
root@nim01:/>su – sp2280 -c fc -t
1       2011/12/14 13:04:23 :: alias
2       2011/12/14 13:04:32 :: echo $HISTFILE
3       2011/12/14 13:04:37 :: bash
4       ? :: ifconfig -a
exit
5       2011/12/14 13:04:43 :: df -g
6       2011/12/14 13:04:50 :: cd /var/adm/hist
7       2011/12/14 13:04:55 :: ls -a
8       2011/12/14 13:05:03 :: cat .hist-sp2280
9       2011/12/14 13:05:09 :: cd ~
10      2011/12/14 13:05:13 :: exit
root@nim01:/>
============================================================

NOTE:- This has been tested under IBM AIX environment, but should be able to applied to rest of the UNIX flavors including Linux with little or no change at all.

Categories: Uncategorized