Benjamin Smith wrote: > On Monday, December 07, 2015 01:29:54 PM Frank Cox wrote: >> Benjamin Smith wrote: >>> Is it possible to use 'script' command that records what happens in a >>> session as the default shell? How could you deal with multiple logins at >>> once? What about output from rsync and the like? >> >> What problem are you attempting to solve? Have you looked at the bash >> 'history' command? > > We'd like to have an auditable history of what happened on production servers, > kept for a period of time. (perhaps a week?) It's a very busy production > environment, but the only shell-level access to the systems are > administrative, but having a history of activity as well as the output would > have been highly valuable this morning to verify that a mistake that might > have been made was. (or wasn't!) > > I'm familiar with `history`but it has a few problems: > > 1) You only see the commands entered. > 2) You only see the commands in other shells after you log out. > 3) You don't see the output from the commands. > 4) Histories can be lost altogether if the shell exits abnormally. (EG tcp > timeout) > > I was thinking of a shell script something like (PSEUDO code) > > #! /bin/sh > LOGFILE=`date --format='Ymd:Hms'`; > script /var/log/histories/root.$LOGFILE > exit $? > > And putting it as the shell in /etc/passwd, but this *has* to be the kind of > thing that somebody else has done, right? > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > https://lists.centos.org/mailman/listinfo/centos > Hi, While not solving all your problems ZSH may be of help. With ZSH you can configure it to save history immediately upon command being entered and therefore never lose the history. Although, you can still lose it if someone purposely deletes it. But then the same can be applied to any shell logger. Additionally this means recent commands will be in the history file as soon as they run, thus you do not have to close the shell in order to view the recent commands run. Using .zshrc it's simply the case of using "setopts inc_appendhistory" to get that functionality. Although getting used to a whole new shell could be a bit of a challenge if you are very used to BASH. There's also many other features which may be helpful to you. Such as time stamps and shared history. Search "history" on this page to see more: http://linux.die.net/man/1/zshoptions I personally use ZSH where-ever possible as I personally find it to be better than BASH, however this is more of a preference than anything. Good luck though :-) Kind Regards, Jake Shipton (JakeMS) Twitter: @CrazyLinuxNerd GPG Key: 0xE3C31D8F GPG Fingerprint: 7515 CC63 19BD 06F9 400A DE8A 1D0B A5CF E3C3 1D8F _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos