How to log commands run by all users in Linux
Hello folks. In this blog we will learn how to log the commands run by all users in Linux. For this blog I am using Rocky Linux 9.3.
Prerequisites
A Linux OS. You can install it on VirtualBox, or if you are using the cloud you can spin up a RHEL machine there.
A sudo user with admin rights, or root privileges on the OS.
Log in as the root user
Log in as the root user of your Linux machine by running the command below.
# su
# pwd
Now add the below line in the /etc/bashrc file
# vi /etc/bashrc
## add the below line at the end of the file
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'
Set up logging
To set up the logging, create a new file and add the line “local6.* /var/log/commands.log” to it.
# vi /etc/rsyslog.d/bash.conf
## add the below line in the file
local6.* /var/log/commands.log
or
# echo "local6.* /var/log/commands.log" > /etc/rsyslog.d/bash.conf
Restart the rsyslog service by running the below command
# service rsyslog restart
Enable log rotation by adding the line “/var/log/commands.log” to the file /etc/logrotate.d/rsyslog.
Now we are all set up to log the commands run by all users in Linux. Restart the machine, then check the logs in the file /var/log/commands.log.
Verification of Logging
Log in as the root user of the Linux machine and check the file by running the command below.
# cat /var/log/commands.log
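To review the file beyond reading it with cat, here is an added example (not part of the original post): a small Python parser for the records written to /var/log/commands.log. It assumes rsyslog's traditional file format and a message that starts with the user name, as the PROMPT_COMMAND line intends; the sample lines are constructed.

```python
import re

# Assumed record layout: rsyslog's traditional file format followed by the
# message from PROMPT_COMMAND: "<time> <host> <tag>: <user> [<pid>]: <cmd> [<rc>]"
RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s\S+:\s"
    r"(?P<user>\S+)\s\[(?P<pid>\d+)\]:\s(?P<cmd>.*)\s\[(?P<rc>\d+)\]$"
)

# Constructed sample lines (host, users and PIDs are made up).
SAMPLE = """\
Mar  3 10:15:09 rocky9 root[4325]: root [2210]: service rsyslog restart [0]
Mar  3 10:15:11 rocky9 root[4329]: root [2210]: service rsyslog restart [0]
Mar  3 10:16:40 rocky9 alice[4410]: alice [2388]: cat /var/log/commands.log [1]
Mar  3 10:16:52 rocky9 alice[4415]: alice [2388]: echo "done [ok]" [0]
Mar  3 10:17:00 rocky9 alice[4420]: alice [2388]: tail -f /var/log/mess
"""

def parse_line(line):
    """Return one record as a dict, or None if the line is not a full record."""
    m = RECORD.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"], rec["rc"] = int(rec["pid"]), int(rec["rc"])
    return rec

def parse_log(lines):
    """Parse lines, dropping empty commands and consecutive repeats per shell."""
    # PROMPT_COMMAND fires at every prompt, so an empty Enter re-logs the last entry.
    last_seen, records = {}, []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["cmd"].strip():
            continue
        shell, entry = (rec["user"], rec["pid"]), (rec["cmd"], rec["rc"])
        if last_seen.get(shell) == entry:
            continue
        last_seen[shell] = entry
        records.append(rec)
    return records

def failed(records):
    """Return (user, command, status) for commands with a non-zero exit status."""
    return [(r["user"], r["cmd"], r["rc"]) for r in records if r["rc"] != 0]

if __name__ == "__main__":
    for r in parse_log(SAMPLE.splitlines()):
        print(r["ts"], r["user"], r["pid"], r["rc"], r["cmd"])
```

A command that is deliberately run twice in a row with the same exit status is collapsed as well, so treat the repeat filter as a heuristic.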