NickTheGreek 160 Report post Posted September 18, 2017 Are you a Linux system administrator and want to monitor interactive activity of all system users (Linux commands they executes) in real-time. In this brief Linux system security guide, we will explain how to view all Linux shell commands executed by system users in real-time. If your system has bash, the most commonly used shell out there then all commands executed by normal system users will be stored in the .bash_history hidden file which is kept in each user’s home directory. The content of this file can be viewed by users, using the history command. To view a user aaronkilik’s .bash_history file, type: # cat /home/aaronkilik/.bash_history User bash-history file Monitor User Activity in Real-time Using Sysdig in Linux To get a glimpse of what users are doing on the system, you can use the w command as follows. # w Monitor Logged in Users But to have a real-time view of the shell commands being run by another user logged in via a terminal or SSH, you can use the Sysdig tool in Linux. Sydig is an open-source, cross-platform, powerful and flexible system monitoring, analysis and troubleshooting tool for Linux. It can be used for system exploration and debugging. Once you have installed sysdig, use the spy_users chisel to spy on users by running the command below. # sysdig -c spy_users The above command displays every command that users launch interactively as well as every directory users visit. Monitor User Activity in Real-Time https://www.tecmint.com/monitor-linux-commands-executed-by-system-users-in-real-time/ 1 Quote Share this post Link to post Share on other sites
