How to get history of commands with dates...like i need complete log of my system what ever commands executed in machine, from which Ip they logged in at that time and and What is command executed?
Is it Possible?
Not easily.
You can see who logged in from where with who or last.
You can see the history of the commands of the last shell which exited in their home folder in the file $HOME/.bash_history. BASH doesn't log the timestamp in this file, though, so there is no way to tell when the commands were executed. You can see this when you execute
HISTTIMEFORMAT="%d/%m/%y %T " history
A lot of the commands in the history will have the same date/time and if you look more closely, you'll see that this is in fact the date/time of the file .bash_history.
It should be possible to download the sources for BASH and compile your own version which does more extensive logging. Just be careful that you don't log commands read from script files (or your computer probably won't even boot anymore).
Also note that you need to do the same for all the shells which your users are using. And you need to make sure that they don't have their own copy of the shell.
Related:
How to log all Bash commands by all users on a server?
HOWTO BASH Audit / Command Logger
Related
By default, command history is stored in ~/.bash_history file.
I want to save the history for a specific command elsewhere than ~/.bash_history every time the command is called, like in a file ~/.specific-command-history.
I don't want to run grep to search for a specific command neither exclude it from ~/.bash_history, I just wanted to have a history for a specific command to be automatically stored in other file as well as in ~/.bash_history.
Any thoughts about that?
You could create and run an anacron script, even if at a set time the server was switched off, when the server is switched on, anacron will run the script.
The anacron script would grep the file with the command you are looking for, and then use cut, and then append the file you would like to paste the lines into.
I am trying to find a way to record every single command that is executed by any user on the system.
Things that I have came across earlier.
It is possible to view shell commands executed from the terminal using ~/.bashrc_history file.
There is a catch here, It logs only those commands which were executed interactively from bash shell/terminal.
This solves one of my problems. But in addition to it, I would like to log those commands also which were executed as a part of the shell script.
Note: I don't have control over shell script. Therefore, adding verbose mode like #!/bin/bash -xe is not possible.
However, this can be assumed that I have root access as a system administrator.
Eg: I have another user that has access to the system. And he runs the following shell script using from his account.
#!/bin/sh
nmap google.com
and run as "$ sh script.sh"
Now, What I want is "nmap google.com" command should be logged somewhere once this file is executed.
Thanks in advance. Even a small help is appreciated.
Edit: I would like to clarify that users are unaware that they are being monitored. So I need a solution something at system level(may be agent running with root). I cannot depend on user to log suspicious activity. Of-course everyone will avoid such tricks to put blame on someone else if they do something fishy or wrong
I am aware that you were asking for Bash and Shell scripting and tagged your question accordingly, but in respect to your requirements
Record every single command that is executed by any user on the system
Users are unaware that they are being monitored
A solution something at system level
I am under the assumption that you are looking for Audit Logging.
So you may take advantage from articles like
Log all commands run by Admins on production servers
Log every command executed by a User
You can run the script in this way:
execute bash (it will override the shebang)
ts to prefix every lines
logs both in terminal and files
bash -x script.sh |& ts | tee -a /tmp/$(date +%F).log
You may ask the other user to create an alias.
Edit:
You may also add this into /etc/profile (sourced when users login)
exec > >(tee -a /tmp/$(date +%F).log)
Do it also for error output if needed. Keep it splited.
I am running cygwin on windows 8 and was wondering if there is a way to keep a log of all commands made in cygwin terminal?
I do not think Cygwin alone has a logging functionality similar to something like PuTTy. However, you can use history which is logged by Bash (which you are using if you have a default Cygwin setup).
If you are using Bash, then your history is stored in .bash_history. You can use the history command to access the file easily.
You can pipe history and grep together to search your history:
history | grep "cd"
If you need more history to be stored, you can change your HISTFILESIZE in your .bashrc:
export HISTFILESIZE=100000
I need to change the greeting of user, which is logging in. So I modifyed file /etc/profile. In this greeting I need to know, which shell this user use and tell it to user. The problem is that then I change my shell on zsh or csh it doesnt work. Even if I just type in this file echo $SHELL it do nothing. As I think, when I use csh and zsh this file (/etc/profile) doesnt run at all. How can I fix this problem?
Thanks you, sorry for my English)
You should start by reading the manpage of every shell on your system.
There are different flavours of shells. Each flavours uses slightly different (per session and per shell, per site and per user) initialisation files. For example:
sh (and bash) use /etc/profile and ~/.profile
bash also uses ~/.bash_profile, ~/.bashrc, ~/.bash_logout
csh uses /etc/.login and ~/.cshrc
etc...
The above list is not meant to be exhaustive. It is to illustrate you will need to check the exact behaviour of each shell that is used on your system and configure it appropriately.
You also need to consider whether you want to change system-wide behaviour (corresponding to initialisation files under /etc) or user-specific behaviour (corresponding to initialisation files in the user's home directory).
For certain shells, there's also per-session (i.e. once per login) and per-shell settings (e.g. for every terminal window). A good example is ~/.bash_login (executed once per login) and ~/.bashrc (executed for every shell - e.g. terminal window).
They both execute different files:
From fro zsh http://zsh.sourceforge.net/Guide/zshguide02.html
Now here's a list of the startup files and when they're run. You'll
see they fall into two classes: those in the /etc directory, which are
put there by the system administrator and are run for all users, and
those in your home directory, which zsh, like many shells, allows you
to abbreviate to a `~'.
/etc/zshenv
Always run for every zsh.
~/.zshenv
Usually run for every zsh (see below).
/etc/zprofile
Run for login shells.
~/.zprofile
Run for login shells.
/etc/zshrc
Run for interactive shells.
~/.zshrc
Run for interactive shells.
/etc/zlogin
Run for login shells.
~/.zlogin
for csh http://unixhelp.ed.ac.uk/CGI/man-cgi?csh+1
A login shell begins by executing commands from the system files
/etc/csh.cshrc and /etc/csh.login.
You can make a soft link to point to the same file:
ln -s /etc/profile /etc/zshenv
ln -s /etc/profile /etc/csh.login
I have modified my etc/profile file to start a python script on startup. now my program is running but there is a black screen, because my program has a while True loop in it and now I am not able to stop it. Kindly tell me how to stop the program, I have tried ctrl+C but nothing happened.
I'm logged into a remote server via SFTP at the command line. The folder I'm in contains hundreds of thousands of files. I need to get a list of these files in a text file so I can access them programmatically, as none of the PHP SFTP clients are able to return such a large list of files.
When I run an ls on the directory ( within the SFTP session ), it takes about 20 minutes for the file list to finally display.
I don't have write access on this server, so I can't pipe the output to a file on the remote server.
How can I pipe the output to a text file on my local machine ... or get a list of the files to my local machine some other way?
If you're willing to wait the 20 minutes for the data to scroll across your screen you can capture all the output using "script".
Call 'script' before you start your ssh or sftp session and it will capture all terminal output to your local disk. Type 'exit' to finish the capture.
NAME
script -- make typescript of terminal session
SYNOPSIS
script [-akq] [-t time] [file [command ...]]
DESCRIPTION
The script utility makes a typescript of everything printed on your ter-
minal. It is useful for students who need a hardcopy record of an inter-
active session as proof of an assignment, as the typescript file can be
printed out later with lpr(1).
If the argument file is given, script saves all dialogue in file. If no
file name is given, the typescript is saved in the file typescript.
If the argument command is given, script will run the specified command
with an optional argument vector instead of an interactive shell.
The following options are available:
-a Append the output to file or typescript, retaining the prior con-
tents.
-k Log keys sent to program as well as output.
-q Run in quiet mode, omit the start and stop status messages.
-t time
Specify time interval between flushing script output file. A
value of 0 causes script to flush for every character I/O event.
The default interval is 30 seconds.
The script ends when the forked shell (or command) exits (a control-D to
exit the Bourne shell (sh(1)), and exit, logout or control-D (if
ignoreeof is not set) for the C-shell, csh(1)).
Certain interactive commands, such as vi(1), create garbage in the type-
script file. The script utility works best with commands that do not
manipulate the screen. The results are meant to emulate a hardcopy ter-
minal, not an addressable one.
ENVIRONMENT
The following environment variable is utilized by script:
SHELL If the variable SHELL exists, the shell forked by script will be
that shell. If SHELL is not set, the Bourne shell is assumed.
(Most shells set this variable automatically).
SEE ALSO
csh(1) (for the history mechanism).
HISTORY
The script command appeared in 3.0BSD.
BUGS
The script utility places everything in the log file, including linefeeds
and backspaces. This is not what the naive user expects.
It is not possible to specify a command without also naming the script
file because of argument parsing compatibility issues.
When running in -k mode, echo cancelling is far from ideal. The slave
terminal mode is checked for ECHO mode to check when to avoid manual echo
logging. This does not work when in a raw mode where the program being
run is doing manual echo.
Wu's answer is good if you do it remotely. Here is another option if you are logged onto the remote server and want to send the file back home to yourself:
Proper answer is here: http://scratching.psybermonkey.net/2011/02/ssh-how-to-pipe-output-from-local-to.html
your_command | ssh username#server "cat > filename.txt"
If you have ssh access, that would be very easy:
ssh user#server ls > foo.txt
Otherwise, you can just redirect sftp's STDOUT and STDERR to a file. You have to type password and commands blindly though.
In my case following worked:
ssh user#server ls /path/to/source/folder/ > /path/to/destination/folder/filenames.txt
I wrote it in Git Bash. This will first ssh then list all files of source folder and then save the file names to the destination text file.
In this way you can also save the output to json file. Just change the file extension to json instead of txt.
For appending output just put ">>" instead of ">".