On September 12, 2018 5:05:21 PM UTC, Grant Taylor <gtay...@gentoo.tnetconsulting.net> wrote: >On 09/12/2018 09:59 AM, J. Roeleveld wrote: >> This piqued my interest and decided to google a little bit. Found >the >> following, which might help: >> >> >https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server > >I would not want to rely on the PROMPT_COMMAND environment variable. > >1) It's a user setting, which means users should be able to change it. >2) Protecting it (setting it read only) will likely annoy users. (I >know many that have used the PROMPT_COMMAND for their own uses.) >3) It's still possible to start another shell that does not have the >PROMPT_COMMAND set to what you want.
Mentioned this as well. :) It works if the user wants this to work. From what I understand, the customer of OP wants the record. Which means I would expect OP not to try to get out of it. >> Same method is described in: >> >> >https://serverfault.com/questions/323270/how-can-i-make-bash-to-log-shell-commands-to-syslog > >Same issues as above. > >> This will help if all you do is working within bash. If you switch to > >> a different shell or run scripts, the logging obviously fails. > >Yep. This is one of the primary problems with relying on anything that > >is traditionally user controllable. > >> Another method might be: https://www.linuxjournal.com/article/6144 > >I've never messed with process accounting. Does it actually record the > >details that the OP wants? > >I thought (naively assumed?) that process accounting was more for >tracking computer resource consumption, primarily for billing and / or >rate limiting. From what I read, it records user, processname and other statistics. I would assume this would cover more than what OP requested. It also would record script contents. But not sure if it would also record full commandlines and I/O actions. >> This is an older document, but might still be made to work as it uses > >> "process accounting" which is still in the kernel afaik. > >I've seen hints of process accounting in relatively modern kernels. Same here -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
