CentOS 7
Sponsored Link

psacct : Monitor User Activity2016/09/28

 
Install psacct to monitor User Activity.
Histories of commands are kept in users' own history file but they are possible to edit or delete by users himselves, but psacct keeps all users' history files owned by root.
[1] Install psacct.
[root@dlp ~]#
yum -y install psacct
[root@dlp ~]#
systemctl start psacct

[root@dlp ~]#
systemctl enable psacct
[2] Output histories of commands by lastcomm command like follows.
[root@dlp ~]#
lastcomm

su               S     root     ttyS0      0.02 secs Fri Sep 30 19:18
bash             S     cent     ttyS0      0.00 secs Fri Sep 30 19:18
cat                    cent     ttyS0      0.00 secs Fri Sep 30 19:18
ls                     cent     ttyS0      0.00 secs Fri Sep 30 19:18
bash              F    cent     ttyS0      0.00 secs Fri Sep 30 19:18
.....
.....
systemctl        S     root     ttyS0      0.01 secs Fri Sep 30 19:18
pkttyagent           X root     ttyS0      0.00 secs Fri Sep 30 19:18
systemd-tty-ask        root     ttyS0      0.00 secs Fri Sep 30 19:18
systemd-cgroups  S     root     __         0.00 secs Fri Sep 30 19:18
accton           S     root     __         0.00 secs Fri Sep 30 19:18
[4] If you'd like to output histories for a user, run with '--user' option.
[root@dlp ~]#
lastcomm --user cent

bash             S     cent     ttyS0      0.00 secs Fri Sep 30 19:18
cat                    cent     ttyS0      0.00 secs Fri Sep 30 19:18
ls                     cent     ttyS0      0.00 secs Fri Sep 30 19:18
bash              F    cent     ttyS0      0.00 secs Fri Sep 30 19:18
consoletype            cent     ttyS0      0.00 secs Fri Sep 30 19:18
bash              F    cent     ttyS0      0.00 secs Fri Sep 30 19:18
dircolors              cent     ttyS0      0.00 secs Fri Sep 30 19:18
bash              F    cent     ttyS0      0.00 secs Fri Sep 30 19:18
tput                   cent     ttyS0      0.00 secs Fri Sep 30 19:18
tty                    cent     ttyS0      0.00 secs Fri Sep 30 19:18
grepconf.sh            cent     ttyS0      0.00 secs Fri Sep 30 19:18
grep                   cent     ttyS0      0.00 secs Fri Sep 30 19:18
bash              F    cent     ttyS0      0.00 secs Fri Sep 30 19:18
id                     cent     ttyS0      0.00 secs Fri Sep 30 19:18
bash              F    cent     ttyS0      0.00 secs Fri Sep 30 19:18
id                     cent     ttyS0      0.00 secs Fri Sep 30 19:18
bash              F    cent     ttyS0      0.00 secs Fri Sep 30 19:18
hostname               cent     ttyS0      0.00 secs Fri Sep 30 19:18
bash              F    cent     ttyS0      0.00 secs Fri Sep 30 19:18
id                     cent     ttyS0      0.00 secs Fri Sep 30 19:18
[5] If you'd like to output histories for a command, run with '--command' option.
[root@dlp ~]#
lastcomm --command su

su               S     cent     ttyS0      0.01 secs Fri Sep 30 19:23
su               S     cent     ttyS0      0.01 secs Fri Sep 30 19:23
su               S     root     ttyS0      0.02 secs Fri Sep 30 19:18
Matched Content