1

If a user execute commands remotely over ssh :

[user@remote ~] $ ssh USERNAME@SERVER COMMANDS

How the SERVER administrator can log those COMMANDS executed in a "not a tty" session ?

Also when a user invokes a new shell(running /bin/bash from existing bash shell), commands executed in this new shell are not listed in user's bash history; How to log those commands ?

Johnas
  • 11
  • 1
  • 2
  • possible duplicate of [Live view of Linux shell commands executed by another user?](http://serverfault.com/questions/8851/live-view-of-linux-shell-commands-executed-by-another-user) – mailq Sep 25 '11 at 12:00
  • @mailq I don`t think so. This question here is not aimed at doing this live. – Nils Jan 12 '12 at 21:22

2 Answers2

2

Just install GNU Accounting (acct for Debian/Ubuntu or psacct for RedHat/CentOS) and use the command lastcomm to trace all the commands executed by all your users.

bintut
  • 304
  • 1
  • 5
1

SSH used to have an option called "fascist logging" this option seems to have vanished - that option could do keystroke logging.

Now even raising the logging-level to DEBUG3 for SSHD will NOT reveal the commands.

But perhaps the answer to your second question will also solve the first one. The mechanism of bash history appending has been described in the accepted answer to this question.

Community
  • 1
Nils
  • 7,657
  • 3
  • 31
  • 71