Ubuntu 22.04
Sponsored Link

Monitor User Activity2022/09/22
 
Install acct to monitor User Activity.
Histories of commands are kept in users' own history file but they are possible to edit or delete by users themselves, but psacct keeps all users' history files owned by root.
[1] Install acct.
root@dlp:~#
apt -y install acct
root@dlp:~#
systemctl enable acct
[2] Output histories of commands by lastcomm command like follows.
root@dlp:~#
lastcomm 

su               S     root     ttyS0      0.00 secs Thu Sep 22 04:41
bash             S     ubuntu   ttyS0      0.02 secs Thu Sep 22 04:41
clear_console          ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
ls                     ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
cat                    ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
dircolors              ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41

.....
.....

acct.postinst          root     pts/0      0.00 secs Thu Sep 22 04:40
deb-systemd-inv        root     pts/0      0.01 secs Thu Sep 22 04:40
systemctl        S     root     pts/0      0.00 secs Thu Sep 22 04:40
systemd-tty-ask  S     root     pts/0      0.00 secs Thu Sep 22 04:40
accton           S     root     __         0.00 secs Thu Sep 22 04:40
[4] If you'd like to output histories for a user, run with [--user] option.
root@dlp:~#
lastcomm --user ubuntu 

bash             S     ubuntu   ttyS0      0.02 secs Thu Sep 22 04:41
clear_console          ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
ls                     ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
cat                    ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
dircolors              ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
lesspipe               ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
lesspipe          F    ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
dirname                ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
basename               ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
bash              F    ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
locale                 ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
locale-check           ubuntu   ttyS0      0.00 secs Thu Sep 22 04:41
[5] If you'd like to output histories for a command, run with [--command] option.
root@dlp:~#
lastcomm --command su 

su               S     root     ttyS0      0.00 secs Thu Sep 22 04:44
su               S     ubuntu   ttyS0      0.02 secs Thu Sep 22 04:44
su               S     root     ttyS0      0.00 secs Thu Sep 22 04:44
su               S     debian   ttyS0      0.03 secs Thu Sep 22 04:44
su               S     root     ttyS0      0.00 secs Thu Sep 22 04:42
su               S     root     ttyS0      0.00 secs Thu Sep 22 04:41
su               S     root     ttyS0      0.00 secs Thu Sep 22 04:41
Matched Content