Ubuntu 18.04
Sponsored Link

acct : Monitor User Activity2018/11/28
 
Install acct to monitor User Activity.
Histories of commands are kept in users' own history file but they are possible to edit or delete by users himselves, but psacct keeps all users' history files owned by root.
[1] Install acct.
root@dlp:~#
apt -y install acct
root@dlp:~#
systemctl start acct

root@dlp:~#
systemctl enable acct
[2] Output histories of commands by lastcomm command like follows.
root@dlp:~#
lastcomm 

systemctl        S     root     ttyS0      0.00 secs Wed Nov 28 19:45
pager            S     root     ttyS0      0.00 secs Wed Nov 28 19:45
systemctl        S     root     ttyS0      0.00 secs Wed Nov 28 19:45
systemd-tty-ask  S   X root     ttyS0      0.00 secs Wed Nov 28 19:45
dpkg-query       S     root     ttyS0      0.03 secs Wed Nov 28 19:44
.....
.....
invoke-rc.d            root     pts/0      0.00 secs Wed Nov 28 19:44
systemctl        S     root     pts/0      0.00 secs Wed Nov 28 19:44
systemd-tty-ask  S     root     pts/0      0.00 secs Wed Nov 28 19:44
acct             S     root     __         0.00 secs Wed Nov 28 19:44
accton           S     root     __         0.00 secs Wed Nov 28 19:44
[4] If you'd like to output histories for a user, run with [--user] option.
root@dlp:~#
lastcomm --user ubuntu 

bash             S     ubuntu   ttyS0      0.09 secs Wed Nov 28 19:50
clear_console          ubuntu   ttyS0      0.00 secs Wed Nov 28 19:51
ls                     ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
vi                     ubuntu   ttyS0      0.04 secs Wed Nov 28 19:50
cat                    ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
ls                     ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
bash              F    ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
dircolors              ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
bash              F    ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
lesspipe               ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
lesspipe          F    ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
dirname                ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
basename               ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
bash              F    ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
locale-check           ubuntu   ttyS0      0.00 secs Wed Nov 28 19:50
[5] If you'd like to output histories for a command, run with [--command] option.
root@dlp:~#
lastcomm --command su 

su               S     root     ttyS0      0.00 secs Wed Nov 28 19:53
su               S     ubuntu   ttyS0      0.02 secs Wed Nov 28 19:53
su               S     root     ttyS0      0.00 secs Wed Nov 28 19:50
Matched Content