Auditing shell commands in bash

Written by Glenn on 15 October 2009

Bash has a built in history function that records recent shell commands. But by default it only retains a raw list of those without attaching additional information. You can add a timestamps to each command by adding something like…

1	echo 'export HISTTIMEFORMAT="%F-%R%t"' >> ~/.bashrc

… and then after reloading your shell session you will see something like …

1
2
3

:~$ history | tail -n 2
 502  2009-10-15-11:26 vim .bashrc
 503  2009-10-15-11:26 history | tail -n 2

You can see much more about what you can do with bash and the history command, including redirecting history commands in the bash and date man pages for your favourite linux distro.

Update: Another option on a debian system (possibly others) would be to use the snoopy package, as described at http://www.debian-administration.org/articles/88

Share and Enjoy:

Tags: audit, bash, history, shell
Posted in Linux | Comments Off

Previous Topic
Ubuntu 9.04 bug with networking directory creation « RimuHosting Blog

Next Topic
Stefano Barone: cool guitar tunes

The Pocket Site

Categories

Archives

Tags

Auditing shell commands in bash

Lifestream

Blogroll

Tech