For security reasons, I'm trying to remotely log all commands that users enter into the shell. I've got it to work by using this in my global bashrc:

```bash
PROMPT_COMMAND='history -a >(tee -a ~/.bash_history | logger -t "$(basename $SHELL)[$$]: ($USER)")'
```
However, each command is getting recorded only after it has completed. For long-running commands such as `sudo su` or `mysql` or even `sleep 7000 && /bin/do_something_risky`, this is a problem. So my question is: How can I log commands at the beginning of execution rather than at the end? Is this possible without something really painful such as hacking the Bash source code?
(Yes, I know a user could turn off this logging by overwriting `PROMPT_COMMAND`, but we'd know something was up if they were opening shells but nothing was getting recorded.)
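
One way to get start-of-execution logging without patching bash is the DEBUG trap, shown here as an added example that is not part of the original post. The heredoc is the fragment that would go in the global bashrc; `AUDIT_LOG`, `SNAPSHOT` and the function names are assumptions made for the demo, with a file standing in for `logger`.

```shell
#!/bin/sh
# Added example (constructed). AUDIT_LOG is a hypothetical file standing in
# for logger(1) so the result can be checked offline.

# Print the bash fragment that would go in the global bashrc.
bashrc_fragment() {
cat <<'EOF'
log_at_start() {
    # $1 is BASH_COMMAND: the simple command bash is about to execute.
    # For syslog, pipe this line to logger -t "..." instead of appending.
    printf '%s[%s]: (%s) START %s\n' \
        "${SHELL##*/}" "$$" "${USER:-unknown}" "$1" >> "$AUDIT_LOG"
}
# bash runs the DEBUG trap before each simple command, not after it.
trap 'log_at_start "$BASH_COMMAND"' DEBUG
EOF
}

# Harness: run one command in a child bash with the fragment loaded. The
# command copies the audit log while it is still running, so the copy shows
# whether its own entry had already been written at that point.
demo_logged_while_running() {
    dir=$(mktemp -d) || return 1
    AUDIT_LOG="$dir/audit.log" SNAPSHOT="$dir/during.log" \
        bash -c "$(bashrc_fragment)
cp \"\$AUDIT_LOG\" \"\$SNAPSHOT\""
    cat "$dir/during.log"
    rm -rf "$dir"
}

demo_logged_while_running
```

The trap fires once per simple command, so a pipeline produces one entry per stage and the commands in `PROMPT_COMMAND` are logged as well. Like `PROMPT_COMMAND`, it can be removed by the user with `trap - DEBUG`.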