- How can I see all of the bash history?
- 5 Answers 5
- The Power of Linux “History Command” in Bash Shell
- 1. List Last/All Executed Commands in Linux
- 2. List All Commands with Date and Timestamp
- 3. Filter Commands in History
- 4. Ignore Duplicate Commands in History
- 5. Unset export Command
- 6. Save export Command Permanently
- 7. List Specific User’s Executed Commands
- 8. Disable Storing History of Commands
- 9. Delete or Clear History of Commands
- 10. Search Commands in History Using Grep Command
- 11. Search Lastly Executed Command
- 12. Recall Last Executed Command
- 13. Recall Lastly Executed Specific Command
- Как посмотреть историю команд всех пользователей в Linux?
How can I see all of the bash history?
In this case, the shell can not see the history executed by shell(1), but I want to see all of the bash history in every shell. So my question is how can I see all of the bash history? Does anybody know how to hack? Thank you very much in advance!
5 Answers 5
would also work, although I tend to just use
How to do it when I am working in a virtual environment (venv)? ~/.bash_history shows only the commands outside of the virtual environment.
@Raif — you would need access to the terminal within the virtual environment as the «user» running the app commands (root or the equivalent).
You should look into the histappend shell option and the -a flag to history :
histappend
If set, the history list is appended to the file named by the value of the HISTFILE variable when the shell exits, rather than overwriting the file.
history
-a Append the «new» history lines (history lines entered since the beginning of the current bash session) to the history file.
If you put history -a into your PROMPT_COMMAND , you’ll get an always-up-to-date .bash_history file.
Edit your .bashrc and append this to it’s end:
shopt -s histappend PROMPT_COMMAND="history -n; history -a" unset HISTFILESIZE HISTSIZE=2000 You can install something like Advanced Shell History, which will log each command to a sqlite3 database. It comes with a tool for querying the database from the command line. https://github.com/barabo/advanced-shell-history
With this setup, you will have a unified view of command history across all sessions. You also get things like command history for the current working directory (or subtree), command exit code, command duration, etc.
Full disclosure: I wrote and maintain the tool.
As several have noted, you need to use shopt -s histappend . Check by running shopt and verifying that histappend is ‘on’.
To ensure that each command (across multiple concurrent shells) appears in the history for each of those shells, add this at the end of your .bashrc file:
# Skip if not an interactive shell if [ -z "$" ]; then return; fi export PROMPT_COMMAND="history -a; history -c; history -r; $" -a: appends the new history lines (history lines entered since the beginning of the current Bash session) to the history file.
-c: clears the history list.
-r: reads the current history file and append its contents to the history list.
Run source .bashrc or create new sessions and in several terminal windows enter the comment #Tn in each. Then on one terminal, enter history | tail -N to see the last N lines. You should see all of the comments entered on the different terminals.
It may be helpful to add the following to /etc/profile.d/bashrc.sh in order to get a timestamp on each line of the history:
if [ -z "$" ]; then return; fi export HISTTIMEFORMAT='%F %T ' The result looks like this:
[moi@laBoheme ~]$ history | tail -4 3292 2019-01-22 12:41:25 # T1 3293 2019-01-22 12:41:32 # T2 3294 2019-01-22 12:41:44 # T3 3295 2019-01-22 12:41:50 history | tail -4 The Power of Linux “History Command” in Bash Shell
We use history command frequently in our daily routine jobs to check history of command or to get info about command executed by user. In this post, we will see how we can use history command effectively to extract the command which was executed by users in Bash shell. This may be useful for audit purpose or to find out what command is executed at what date and time.
By default date and timestamp won’t be seen while executing history command. However, bash shell provides CLI tools for editing user’s command history. Let’s see some handy tips and tricks and power of history command.
1. List Last/All Executed Commands in Linux
Executing simple history command from terminal will show you a complete list of last executed commands with line numbers.
[[email protected] ~]$ history 1 PS1='\e[1;35m[\[email protected]\h \w]$ \e[m ' 2 PS1 /cdn-cgi/l/email-protection" data-cfemail="becbfe">[email protected]\h \W]$ \e[m " 3 PS1 /cdn-cgi/l/email-protection" data-cfemail="dfaa9f">[email protected]\h:\w [\j]$ " 4 ping google.com 5 echo $PS1 6 tail -f /var/log/messages 7 tail -f /var/log/messages 8 exit 9 clear 10 history 11 clear 12 history
2. List All Commands with Date and Timestamp
How to find date and timestamp against command? With ‘export’ command with variable will display history command with corresponding timestamp when the command was executed.
[[email protected] ~]$ export HISTTIMEFORMAT='%F %T ' 1 2013-06-09 10:40:12 cat /etc/issue 2 2013-06-09 10:40:12 clear 3 2013-06-09 10:40:12 find /etc -name *.conf 4 2013-06-09 10:40:12 clear 5 2013-06-09 10:40:12 history 6 2013-06-09 10:40:12 PS1='\e[1;35m[\[email protected]\h \w]$ \e[m ' 7 2013-06-09 10:40:12 PS1 /cdn-cgi/l/email-protection" data-cfemail="f683b6">[email protected]\h \W]$ \e[m " 8 2013-06-09 10:40:12 PS1 /cdn-cgi/l/email-protection" data-cfemail="681d28">[email protected]\h:\w [\j]$ " 9 2013-06-09 10:40:12 ping google.com 10 2013-06-09 10:40:12 echo $PS1
Meaning of HISTTIMEFORMAT variables
%F Equivalent to %Y - %m - %d %T Replaced by the time ( %H : %M : %S )
3. Filter Commands in History
As we can see same command is being repeated number of times in above output. How to filter simple or non destructive commands in history?. Use the following ‘export‘ command by specifying command in HISTIGNORE=’ls -l:pwd:date:’ will not saved by system and not be shown in history command.
[[email protected] ~]$ export HISTIGNORE='ls -l:pwd:date:'
4. Ignore Duplicate Commands in History
With the below command will help us to ignore duplicate commands entry made by user. Only single entry will be shown in history, if a user execute a same command multiple times in a Bash Prompt.
[[email protected] ~]$ export HISTCONTROL=ignoredups
5. Unset export Command
Unset export command on the fly. Execute unset export command with variable one by one whatever commands have been exported by export command.
6. Save export Command Permanently
Make an entry as follows in .bash_profile to save export command permanently.
[[email protected] ~]$ vi .bash_profile # .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs export HISTCONTROL=ignoredups PATH=$PATH:$HOME/bin export PATH
7. List Specific User’s Executed Commands
How to see command history executed by a specific user. Bash keeps records of history in a ‘~/.bash_history’ file. We can view or open file to see the command history.
[[email protected] ~]$ vi .bash_history cd /tmp/ cd logstalgia-1.0.3/ ./configure sudo passwd root apt-get install libsdl1.2-dev libsdl-image1.2-dev libpcre3-dev libftgl-dev libpng12-dev libjpeg62-dev make gcc ./configure make apt-get install libsdl1.2-dev libsdl-image1.2-dev libpcre3-dev libftgl-dev libpng12-dev libjpeg62-dev make gcc++ apt-get install libsdl1.2-dev libsdl-image1.2-dev libpcre3-dev libftgl-dev libpng12-dev libjpeg62-dev make gcc apt-get install make mysql -u root -p apt-get install grsync apt-get install unison unison
8. Disable Storing History of Commands
Some organization do not keep history of commands because of security policy of the organization. In this case, we can edit .bash_profile file (It’s hidden file) of user’s and make an entry as below.
[[email protected] ~]$ vi .bash_profile # .bash_profile # Get the aliases and functions if [ -f ~/.bashrc ]; then . ~/.bashrc fi # User specific environment and startup programs PATH=$PATH:$HOME/bin HISTSIZE=0 export PATH .bash_profile (END)
Save file and load changes with below command.
Note: If you don’t want system to remember the commands that you have typed, simply execute below command which will disable or stop recording history on the fly.
Tips: Search ‘HISTSIZE‘ and edit in ‘/etc/profile’ file with superuser. The change in file will effect globally.
9. Delete or Clear History of Commands
With up and down arrow, we can see previously used command which may be helpful or may irate you. Deleting or clearing all the entries from bash history list with ‘-c‘ options.
10. Search Commands in History Using Grep Command
Search command through ‘.bash_history‘ by piping your history file into ‘grep‘ as below. For example, the below command will search and find ‘pwd‘ command from the history list.
[[email protected] ~]$ history | grep pwd 113 2013-06-09 10:40:12 pwd 141 2013-06-09 10:40:12 pwd 198 2013-06-09 15:46:23 history | grep pwd 202 2013-06-09 15:47:39 history | grep pwd
11. Search Lastly Executed Command
Search previously executed command with ‘Ctrl+r’ command. Once you’ve found the command you’re looking for, press ‘Enter‘ to execute the same else press ‘esc‘ to cancel it.
(reverse-i-search)`source ': source .bash_profile
12. Recall Last Executed Command
Recall a previously used specific command. Combination of Bang and 8 (!8) command will recall number 8 command which you have executed.
13. Recall Lastly Executed Specific Command
Recall previously used command (netstat -np | grep 22) with ‘!‘ and followed by some letters of that particular command.
[[email protected] ~]$ !net netstat -np | grep 22 (No info could be read for "-p": geteuid()=501 but you should be root.) tcp 0 68 192.168.50.2:22 192.168.50.1:1857 ESTABLISHED - tcp 0 0 192.168.50.2:22 192.168.50.1:2516 ESTABLISHED - unix 2 [ ] DGRAM 12284 - @/org/freedesktop/hal/udev_event unix 3 [ ] STREAM CONNECTED 14522 - unix 2 [ ] DGRAM 13622 - unix 3 [ ] STREAM CONNECTED 12250 - @/var/run/hald/dbus-ujAjOMNa0g unix 3 [ ] STREAM CONNECTED 12249 - unix 3 [ ] STREAM CONNECTED 12228 - /var/run/dbus/system_bus_socket unix 3 [ ] STREAM CONNECTED 12227 -
We have tried to highlight power of history command. However, this is not end of it. Please share your experience of history command with us through our comment box below.
Как посмотреть историю команд всех пользователей в Linux?
как посмотреть историю введенных команд всех пользователей в системе, не проваливаясь под каждого юзера?
Простой 1 комментарий
Вам привели примеры при условии, если все пользователи знают только стандартный Bash.
Нередко используют и zsh и fish — у них история хранится в других местах.
grep -e «$pattern» /home/*/.bash_history
(при условии, что все пользователи лежат в /home/*)
ну или чтоб знать кто точно
getent passwd | cut -d : -f 6 | sed 's:$:/.bash_history:' | xargs -d '\n' grep -s -H -e "$pattern"
Sha644, ну немного докрутить. Я думаю, что это нужно не для того, чтоб команды из под рута смотреть. а прочих засранцев 🙂
grep -e "$pattern" /home/*/.bash_history /root/.bash_history
при корректном выходе пользователя, его история сохраняется в его домашнем каталоге в .<ШЕЛЛ>_history — например $HOME/.bash_history, $HOME/.ksh_history
Файл доступен только пользователю, или суперпользователю.
Следовательно запускайте cat от суперпользователя
sudo cat /home/ЮЗЕР/.bash_history
можно одной командой сразу все (правда эта команда скорее всего бесполезна):