Psacct : Monitor Activity
2019/12/17
Install psacct to monitor user activity.
Each user's command history is kept in that user's own history file, which the user can edit or delete. psacct keeps the command histories of all users in files owned by root.

[1] Install psacct.
[root@dlp ~]# dnf -y install psacct
[root@dlp ~]# systemctl enable --now psacct

[2] Display the command history with the lastcomm command as follows.
[root@dlp ~]# lastcomm
lastcomm               root     ttyS0      0.04 secs Tue Dec 15 16:17
man                    root     ttyS0      0.00 secs Tue Dec 15 16:16
less                   root     ttyS0      0.03 secs Tue Dec 15 16:16
.....
.....
systemd-tty-ask   S    root     ttyS0      0.00 secs Tue Dec 15 15:54
systemd-cgroups   S    root     __         0.00 secs Tue Dec 15 15:54
accton            S    root     __         0.00 secs Tue Dec 15 15:54

# specify a user
[root@dlp ~]# lastcomm --user cent
(sd-pam)          SF X cent     __         0.00 secs Tue Dec 15 16:08
systemd           S    cent     __         0.06 secs Tue Dec 15 16:08
systemctl              cent     __         0.00 secs Tue Dec 15 16:08
.....
.....
hostname               cent     ttyS0      0.00 secs Tue Dec 15 15:54
bash               F   cent     ttyS0      0.00 secs Tue Dec 15 15:54
id                     cent     ttyS0      0.00 secs Tue Dec 15 15:54

# specify a command
[root@dlp ~]# lastcomm --command su
su                S    cent     ttyS0      0.00 secs Tue Dec 15 15:55
su                S    cent     ttyS0      0.00 secs Tue Dec 15 15:54

[3] To display login time from the [/var/log/wtmp] log, use the [ac] command, which is included in the psacct package.
# daily totals
[root@dlp ~]# ac -d
.....
.....
Nov 12  total        0.00
Nov 29  total        0.05
Today   total        6.73

# per user
[root@dlp ~]# ac -p
        cent                                 0.00
        root                                 6.82
        total        6.82

# daily totals, per user
[root@dlp ~]# ac -d -p
.....
.....
Oct 23  total        0.00
        root                                 0.00
Nov 12  total        0.00
        root                                 0.05
Nov 29  total        0.05
        cent                                 0.00
        root                                 6.73
Today   total        6.73

# show errors
[root@dlp ~]# ac -d --complain
/var/log/wtmp:1: problem: time warp (Thu Jan  1 09:00:00 1970 -> Sat Oct 12 22:40:13 2019)
/var/log/wtmp:7: problem: missing login record for `tty1'
Nov 12  total        0.00
/var/log/wtmp:65: problem: missing login record for `tty1'
/var/log/wtmp:75: problem: missing login record for `tty1'
Nov 29  total        0.05
/var/log/wtmp:85: problem: missing login record for `tty1'
Today   total        6.77
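
The lastcomm output shown in [2] can be filtered for review. The following is an added example, not part of the original page: it lists records that carry lastcomm's S (super-user) flag but are accounted to a user other than root, such as the su entries above. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in lastcomm's column layout (illustrative, not real data).
sample_lastcomm() {
cat <<'EOF'
lastcomm               root     ttyS0      0.04 secs Tue Dec 15 16:17
.....
systemd-cgroups   S    root     __         0.00 secs Tue Dec 15 15:54
(sd-pam)          SF X cent     __         0.00 secs Tue Dec 15 16:08
bash               F   cent     ttyS0      0.00 secs Tue Dec 15 15:54
id                     cent     ttyS0      0.00 secs Tue Dec 15 15:54
su                S    cent     ttyS0      0.00 secs Tue Dec 15 15:55
EOF
}

# Hypothetical helper: reads lastcomm output on stdin and prints
# "user command flags tty month day time" for every record that carries
# the S (super-user) flag but is accounted to a user other than root.
privileged_by_non_root() {
  awk '
    NF < 9 || $(NF-4) != "secs" { next }   # skip "....." and malformed lines
    {
      # Fields are counted from the right because the flag column is
      # optional and may be split into several tokens ("SF X").
      user = $(NF-7); tty = $(NF-6); flags = ""
      for (i = 2; i < NF-7; i++)
        if ($i ~ /^[SFCDX]+$/) flags = flags $i
      if (user != "root" && index(flags, "S") > 0)
        print user, $1, flags, tty, $(NF-2), $(NF-1), $NF
    }'
}

# On a host running psacct: lastcomm | privileged_by_non_root
sample_lastcomm | privileged_by_non_root
```
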