How to log commands run by all users in Linux

Mayank Jain
Dec 5, 2023


Hello folks. In this blog we will learn how to log the commands run by all users in Linux. For this blog I am using Rocky Linux 9.3.

Prerequisites

A Linux OS. You can install it on VirtualBox, or if you are using the cloud, you can spin up a RHEL machine there.

A sudo user with admin rights, or root privileges on the OS.

Log in as the root user

Log in as the root user of your Linux machine by running the below commands.

# su
# pwd

Now add the below line at the end of the /etc/bashrc file

# vi /etc/bashrc
## add the below line at the end of the file (without a leading "#", or it is only a comment)
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

Set up logging

To set up logging, create a new file with the contents “local6.* /var/log/commands.log”

# vi /etc/rsyslog.d/bash.conf
## add the below line in the file
local6.* /var/log/commands.log
or
# echo "local6.* /var/log/commands.log" > /etc/rsyslog.d/bash.conf

Restart the rsyslog service by running the below command

# service rsyslog restart

Enable log rotation by adding the line “/var/log/commands.log” to the file /etc/logrotate.d/rsyslog

Now we are all set up to log the commands run by all users in Linux. Restart the machine and then we will check the logs in the file /var/log/commands.log

Verification of Logging

Log in as the root user of the Linux machine and check the file by running the below command

# cat /var/log/commands.log
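For reviewing the file beyond a plain cat, the sketch below parses the "user [PID]: command [exit status]" message that the PROMPT_COMMAND above writes and lists only the commands that exited non-zero. It is an added example, not part of the original post: the function names, the sample lines and the syslog header layout in them are assumptions made up for illustration.

```bash
#!/bin/sh
# Added example: parses the message layout built by the PROMPT_COMMAND hook.

# Build one message the way the hook does: drop the history number that
# `history 1` prints, then append the exit status in brackets.
# (The sed pattern is a portable equivalent of the one in the hook.)
format_entry() {  # args: user pid history_line exit_status
    cmd=$(printf '%s\n' "$3" | sed 's/^ *[0-9][0-9]* *//')
    printf '%s [%s]: %s [%s]\n' "$1" "$2" "$cmd" "$4"
}

# Read commands.log lines on stdin and print
# "user<TAB>pid<TAB>status<TAB>command" for every non-zero exit status.
failed_commands() {
    awk '{
        # The exit status is the last " [N]" on the line.
        if (!match($0, / \[[0-9]+\]$/)) next
        rc = substr($0, RSTART + 2, RLENGTH - 3)
        rest = substr($0, 1, RSTART - 1)
        # "user [PID]: " is the first such token; the command may itself
        # contain brackets, so it is everything after that token.
        if (!match(rest, /[^ ]+ \[[0-9]+\]: /)) next
        cmd = substr(rest, RSTART + RLENGTH)
        split(substr(rest, RSTART, RLENGTH), h, " ")
        pid = h[2]; gsub(/[^0-9]/, "", pid)
        if (rc + 0 != 0) printf "%s\t%s\t%s\t%s\n", h[1], pid, rc, cmd
    }'
}

# Constructed sample lines; the "date host tag:" header is an assumed layout.
sample_log() {
    cat <<'EOF'
Dec  5 10:15:01 rocky9 alice: alice [2210]: ls /root [2]
Dec  5 10:15:09 rocky9 alice: alice [2210]: grep '[0-9]' notes.txt [1]
Dec  5 10:16:30 rocky9 root: root [2301]: systemctl status rsyslog [0]
Dec  5 10:17:02 rocky9 bob: bob [2388]: cat /var/log/commands.log [1]
EOF
}

# On a real system: failed_commands < /var/log/commands.log
sample_log | failed_commands
```

Because the hook runs at every prompt, pressing Enter on an empty line logs the previous command again, so identical consecutive entries are not necessarily repeated executions.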
