CentOS Stream 10
Sponsored Link

Psacct : Enable process accounting
2025/01/03
 

Install psacct to enable process accounting.
Histories of commands are kept in users' own history file but they are possible to edit or delete by users themselves, but psacct keeps all users' history files owned by root.

[1] Install and enable psacct.
[root@dlp ~]#
dnf -y install psacct
[root@dlp ~]#
systemctl enable --now psacct
[2] Output histories of commands by lastcomm command like follows.
[root@dlp ~]#
lastcomm 

basename               root     stderr     0.00 secs Fri Jan  3 10:25
readlink               root     stderr     0.00 secs Fri Jan  3 10:25
sed                    root     stderr     0.00 secs Fri Jan  3 10:25
bash              F    root     stderr     0.00 secs Fri Jan  3 10:25
locale                 root     stderr     0.00 secs Fri Jan  3 10:25
tty                    root     stderr     0.00 secs Fri Jan  3 10:25
bash              F    root     stderr     0.00 secs Fri Jan  3 10:25
tr                     root     stderr     0.00 secs Fri Jan  3 10:25
cat                    root     stderr     0.00 secs Fri Jan  3 10:25
bash              F    root     stderr     0.00 secs Fri Jan  3 10:25
tr                     root     stderr     0.00 secs Fri Jan  3 10:25
.....
.....
# specify a user

[root@dlp ~]#
lastcomm --user cent 

(sd-pam)         SF  X cent     __         0.00 secs Fri Jan  3 10:23
systemd          S     cent     __         0.06 secs Fri Jan  3 10:23
bash             S     cent     stderr     0.01 secs Fri Jan  3 10:23
yes                  X cent     stderr     0.65 secs Fri Jan  3 10:25
grub2-set-bootf  S     cent     __         0.00 secs Fri Jan  3 10:25
man                    cent     stderr     0.00 secs Fri Jan  3 10:24
less                   cent     stderr     0.02 secs Fri Jan  3 10:24
man               F    cent     stderr     0.00 secs Fri Jan  3 10:24
nroff                  cent     stderr     0.00 secs Fri Jan  3 10:24
groff                  cent     stderr     0.00 secs Fri Jan  3 10:24
.....
.....
# specify a command

[root@dlp ~]#
lastcomm --command su 

su               S     root     stderr     0.00 secs Fri Jan  3 10:26
su               S     cent     stderr     0.00 secs Fri Jan  3 10:26
[3] To output login time from [/var/log/wtmp] log, it's possible to use [ac] command which is included psacct package.
# by daily

[root@dlp ~]#
ac -d 

Dec 14  total        0.01
Dec 19  total        0.01
Dec 20  total        0.04
Today   total        0.89
# by user

[root@dlp ~]#
ac -p 

        cent                                 0.04
        root                                 0.89
        redhat                               0.03
        total        0.95
# by daily + user

[root@dlp ~]#
ac -d -p 

        root                                 0.01
Dec 14  total        0.01
        root                                 0.01
Dec 19  total        0.01
        root                                 0.04
Dec 20  total        0.04
        cent                                 0.04
        root                                 0.84
        redhat                               0.03
Today   total        0.90
# show errors

[root@dlp ~]#
ac -d --complain 

/var/log/wtmp:1: problem: time warp (Thu Jan  1 09:00:00 1970 -> Sat Dec 14 18:39:49 2024)
/var/log/wtmp:8: problem: missing login record for `tty1'
Dec 14  total        0.01
/var/log/wtmp:18: problem: missing login record for `tty1'
Dec 19  total        0.01
/var/log/wtmp:28: problem: missing login record for `tty1'
Dec 20  total        0.04
/var/log/wtmp:41: problem: missing login record for `ttyS0'
/var/log/wtmp:45: problem: missing login record for `tty1'
Today   total        0.91
Matched Content