How to capture all the commands typed in Unix/Linux by any user?
There seems to be quite a good article on shell auditing at
http://administratosphere.wordpress.com/2011/05/20/logging-every-shell-command/ .
This considers things like reliability of user history files (and provides info on improving that), but also discusses explicit auditing features built into shells. It may be that whatever environment you're using doesn't have the shells compiled with auditing features enabled, but if you have the source and configuration for your builds available (as you would do at least for any Linux distribution), it shouldn't be too hard to enable the auditing feature while keeping rest of the configuration as it is in the default distribution.
What this approach still would leave open is the commands executed through some other command - or operating system functionality called from within some program. So, f.ex. if you have perl, or any other programming language interpreter available on the machine, while you possibly can audit the execution of perl, you cannot tell what the user had told the perl interpreter to do. On the other hand, even with shell auditing, I'm not certain whether the perl execution would be seen if it was executed f.ex. from within some editor (like vi) as a filter to process whatever had been written within the editor.
So, while shell auditing will provide you one layer of auditing, the gain is not that great unless your environment is really tightened against other paths of execution than the shell.
You should consider whether the users to be audited actually need shell access - and if not, provide them with something more limited, with auditing capabilities. A small text-based menu system, perhaps?
IS there any way to find what commands we have run in linux apart from history
On linux distributions and installations I encountered: no, it's not possible. Even .bash_history
is storing only bash history (and some administrators can (and will) use other shell(s)) and has usually set a limit so sometimes gets truncated. You would have to write and configure such utility yourself.
How to search all matching previous commands using ctrl+R in Linux
If you press Ctrl+R and type your search, you will get the last record matching this search.
If you press Ctrl+R again you will get the previous record. You can press Ctlr+R repetitively to get older matches.
This doesn't provide a list though.
Linux command to list all available commands and aliases
You can use the bash(1) built-in compgen
compgen -c
will list all the commands you could run.compgen -a
will list all the aliases you could run.compgen -b
will list all the built-ins you could run.compgen -k
will list all the keywords you could run.compgen -A function
will list all the functions you could run.compgen -A function -abck
will list all the above in one go.
Check the man page for other completions you can generate.
To directly answer your question:
compgen -ac | grep searchstr
should do what you want.
Execute a command without keeping it in history
Start your command with a space and it won't be included in the history.
Be aware that this does require the environment variable $HISTCONTROL
to be set.
Check that the following command returns
ignorespace
orignoreboth
:echo $HISTCONTROL
To add the environment variable if missing, the following line can be added to the Bash profile. E.g., to file
%HOME/.bashrc
.export HISTCONTROL=ignorespace
After sourcing the profile again, space-prefixed commands will not be written to $HISTFILE
.
How can I see all of the bash history?
You should look into the histappend
shell option and the -a
flag to history
:
histappend
If set, the history list is appended to the file named by the value of the
HISTFILE
variable when the shell exits, rather than overwriting the file.
history
-a
Append the "new" history lines (history lines entered since the beginning of the current bash session) to the history file.
If you put history -a
into your PROMPT_COMMAND
, you'll get an always-up-to-date .bash_history
file.
Automatically capture output of last command into a variable using Bash?
This is a really hacky solution, but it seems to mostly work some of the time. During testing, I noted it sometimes didn't work very well when getting a ^C on the command line, though I did tweak it a bit to behave a bit better.
This hack is an interactive mode hack only, and I am pretty confident that I would not recommend it to anyone. Background commands are likely to cause even less defined behavior than normal. The other answers are a better way of programmatically getting at results.
That being said, here is the "solution":
PROMPT_COMMAND='LAST="`cat /tmp/x`"; exec >/dev/tty; exec > >(tee /tmp/x)'
Set this bash environmental variable and issues commands as desired. $LAST
will usually have the output you are looking for:
startide seth> fortune
Courtship to marriage, as a very witty prologue to a very dull play.
-- William Congreve
startide seth> echo "$LAST"
Courtship to marriage, as a very witty prologue to a very dull play.
-- William Congreve
Linux Command History with date and time
Regarding this link you can make the first solution provided by krzyk permanent by executing:
echo 'export HISTTIMEFORMAT="%d/%m/%y %T "' >> ~/.bash_profile
source ~/.bash_profile
Related Topics
How to Fetch the Tags for Ec2-Describe-Instances in a Shell Script
How to Change the Watchdog Timer in Linux Embedded
Run a Command Conditionally with Netcat and Grep
How to Fix Loading Plugins in Eclipse 3.5.1 on Linux
Bluetooth Low Energy:Android Gatt-Client Connect to Linux Gatt Server
Comma Separated Values to Single Inverted Quote and Comma Separated Values
Grep Fails Inside Bash Script But Works on Command Line
"Cannot Write to Log File Pg_Upgrade_Internal.Log" When Upgrading from Postgresql 9.1 to 9.3
Add Suffix to Each Line with Shell Script
Sed Permission Denied When Overwriting File
Ignore Case When Trying to Match File Names Using Find Command in Linux
How to List Recently Deleted Files from a Directory