Posted by we will explain how to view all Linux shell commands executed by system users in real-time.Are you a Linux system administrator and want to monitor interactive activity of all system users (Linux commands they executes) in real-time. In this brief Linux system security guide.
Read Also: How to Monitor User Activity with psacct or acct Tools
If your system has bash, the most commonly used shell out there then all commands executed by normal system users will be stored in the .bash_history hidden file which is kept in each user’s home directory. The content of this file can be viewed by users, using the history command.
To view a user aaronkilik’s .bash_history file, type:
# cat /home/aaronkilik/.bash_history
From the screen shot above, the date and time when a command was executed is not shown. This is the default setting on most if not all Linux distributions.
You can follow this guide to set date and time for each command in bash_history file.
Monitor User Activity in Real-time Using Sysdig in Linux
To get a glimpse of what users are doing on the system, you can use the w command as follows.
# w
But to have a real-time view of the shell commands being run by another user logged in via a terminal or SSH, you can use the Sysdig tool in Linux.
Sydig is an open-source, cross-platform, powerful and flexible system monitoring, analysis and troubleshooting tool for Linux. It can be used for system exploration and debugging.
Once you have installed sysdig, use the spy_users chisel to spy on users by running the command below.
# sysdig -c spy_users
The above command displays every command that users launch interactively as well as every directory users visit.
That’s all, you can also check out these following related articles:
- 25 Hardening Security Tips for Linux Servers
- Lynis – Security Auditing and Scanning Tool for Linux Systems
- 10 Useful Open Source Security Firewalls for Linux Systems
- A Practical Guide to Nmap (Network Security Scanner) in Linux
In this system security guide, we described how to view users bash history file, show logged on users and what they are doing, and we also explained how to view or monitor all commands executed by system users in real-time.
If you want to share any other methods or ask questions, please do so via the comment section below.
Very nice write-up. I definitely appreciate this site. Thanks!
I was extremely pleased to discover this page. I want to to thank you for ones time due to this wonderful read!! I definitely appreciated every part of it and I have you bookmarked to look at new information on your web site.
Nice post. I learn something new and challenging on sites I stumbleupon on a daily basis. Its always helpful to read through articles from other writers and use something from their web sites.
Everything is very open with a precise clarification of the issues. It was truly informative. Your site is extremely helpful. Many thanks for sharing!
Hello! I simply wish to give you a big thumbs up for your excellent information you have right here on this post. I will be returning to your web site for more soon.