==================================
56 sudo find / -mtime 1
57 sudo vi /etc/hosts
58 ls
59 shell
60 ls
61 ifconig
62 ifconfig
63 ls
64 ls
65 exit
66 exit
67 exit
68 history
Unix:~ netlynker$
==================================
As you see, it doesn't show when these commands were executed. As an administrator, you need to know WHEN WHO did WHAT.
To enable Time of execution in 'history' for existing users, we need to define the time format of 'history' in ".bash_profile" of each user.
#echo "export HISTTIMEFORMAT='%F %T '" >> ~/.bash_profile"
To enable it for new user account for future, we need to did the same thing to "/etc/profile"
#echo "export HISTTIMEFORMAT='%F %T '" >> /etc/profile"
Now when you run 'history' command this time, the output will be like the following:
==================================
69 2011-06-05 12:42:21 history
70 2011-06-05 12:48:21 cd /dev/
71 2011-06-05 12:48:22 ls
72 2011-06-05 12:48:29 ls -al tty*
73 2011-06-05 12:48:36 cd /etc
74 2011-06-05 12:48:38 ls hosts
75 2011-06-05 12:48:41 ls -al hosts
76 2011-06-05 12:48:48 visudo
77 2011-06-05 12:48:52 sudo visudo
78 2011-06-05 12:49:06 vi /etc/hosts
79 2011-06-05 12:49:13 ping 10.0.0.8
80 2011-06-05 12:50:13 scp root@10.0.0.12:~/checkinstall* ~/Downloads/
81 2011-06-05 12:50:27 history
Unix:~ netlynker$
==================================
Cool! right?
No comments:
Post a Comment