Topics: AIX, Red Hat / Linux, Security, System Admin
System-wide separated shell history files for each user and session
Here's how you can set up your /etc/profile in order to create a separate shell history file for each user and each login session. This is very useful when you need to know who exactly ran a specific command at a point in time. For Red Hat Linux, put the updates in either /etc/profile or /etc/bashrc.
Put this in /etc/profile on all servers:
# HISTFILEWhen using ksh, put this in /etc/environment, to turn on time stamped history files:
# execute only if interactive
if [ -t 0 -a "${SHELL}" != "/bin/bsh" ]
then
d=`date "+%H%M.%m%d%y"`
t=`tty | cut -c6-`
u=`who am i | awk '{print $1}'`
w=`who -ms | awk '{print $NF}' | sed "s/(//g" | sed "s/)//g"`
y=`tty | cut -c6- | sed "s/\//-/g"`
mkdir $HOME/.history.$USER 2>/dev/null
export HISTFILE=$HOME/.history.$USER/.sh_history.$USER.$u.$w.$y.$d
find $HOME/.history.$USER/.s* -type f -ctime +91 -exec rm {} \; 2>/dev/null
H=`uname -n | cut -f1 -d'.'`
mywhoami=`whoami`
if [ ${mywhoami} = "root" ] ; then
PS1='${USER}@(${H}) ${PWD##/*/} # '
else
PS1='${USER}@(${H}) ${PWD##/*/} $ '
fi
fi
# Time out after 60 minutes
# Use readonly if you don't want users to be able to change it.
# readonly TMOUT=3600
TMOUT=3600
export TMOUT
When using bash, put this in /etc/bashrc, to enable time-stamped output when running the "history" command:# Added for extended shell history EXTENDED_HISTORY=ON
HISTTIMEFORMAT='%F %T '; export HISTTIMEFORMATThis way, *every* user on the system will have a separate shell history in the .history directory of their home directory. Each shell history file name shows you which account was used to login, which account was switched to, on which tty this happened, and at what date and time this happened.
Shell history files are also time-stamped internally. For AIX, you can run "fc -t" to show the shell history time-stamped. For Red Hat, you can run: "history". Old shell history files are cleaned up after 3 months, because of the find command in the example above. Plus, user accounts will log out automatically after 60 minutes (3600 seconds) of inactivity, by setting the TMOUT variable to 3600. You can avoid running into a time-out by simply typing "read" or "\" followed by ENTER on the command line, or by adding "TMOUT=0" to a user's .profile, which essentially disables the time-out for that particular user.
One issue that you now may run into on AIX, is that because a separate history file is created for each login session, that it will become difficult to run "fc -t", because the fc command will only list the commands from the current session, and not those written to a different history file. To overcome this issue, you can set the HISTFILE variable to the file you want to run "fc -t" for:
# export HISTFILE=.sh_history.root.user.10.190.41.116.pts-4.1706.120210Then, to list all the commands for this history file, make sure you start a new shell and run the "fc -t" command:
# ksh "fc -t -10"This will list the last 10 commands for that history file.
If you found this useful, here's more on the same topic(s) in our blog:
- Cleaning file systems
- Resizing the jfs log
- Enabling sendmail on Linux
- AIX Multiple page size support
- Adding swap space to RHEL
UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.
Interested in learning more?
Interested in learning more?