Linux user history log

Where is the log of used commands in Linux?

command provides the list of commands we used previously but its limit is less. New commands are overwritten on old commands then old commands are missing. I think somewhere the log of the commands is stored in the system. Is that log available to open and read? If possible can we change the maximum size of log that it can handle? Is the output of history command depends upon the login-user?

5 Answers 5

A simple solution is to increase the number of commands saved and returned by history . If you use bash, add this line to your ~/.profile :

export HISTSIZE=100000 export HISTFILESIZE=999999 

 HISTFILESIZE The maximum number of lines contained in the history file. When this variable is assigned a value, the history file is trun‐ cated, if necessary, to contain no more than that number of lines by removing the oldest entries. The history file is also truncated to this size after writing it when a shell exits. If the value is 0, the history file is truncated to zero size. Non-numeric values and numeric values less than zero inhibit truncation. The shell sets the default value to the value of HISTSIZE after reading any startup files. HISTSIZE The number of commands to remember in the command history (see HISTORY below). If the value is 0, commands are not saved in the history list. Numeric values less than zero result in every command being saved on the history list (there is no limit). The shell sets the default value to 500 after reading any startup files. 

@gafoor yes, the history file I mention in my answer. Nothing else by default. If you set the variables I shows, you will keep a list of thousands of commands.

The file ~/.bash_history saves the list of executed commands. At least in CentOS this file exists, I don’t know if it exists in other distros.

@AbdulGafoor yes, but that’s what you see when you run history . It will only have as many commands as those returned by history . To keep more, you need to set the variables I show in my answer.

This file also exists in Mac OSX. You can type vim ~/.bash_history to see the contents of the file under Mac.

It’s the HISTFILE variable which sets the location history file, which by default (for bash) is ~/.bash_history

There is no such log, at least not by default.

There are tools you can install, like acct («GNU Accounting utilities for process and login accounting») which can keep track of all programs executed on the system.

acct is packaged for most (probably all except tiny-distros) linux distros. The home page is at http://www.gnu.org/software/acct/

acct provides the following commands, lastcomm probably does what you’re asking for:

ac prints statistics about users’ connect time. ac can tell you how long a particular user or group of users were connected to your system, printing totals by day or for all of the entries in the wtmp file.

accton turns accounting on or off.

lastcomm lists the commands executed on the system, most recent first, showing the run state of each command. With last, you can search the acct file for a particular user, terminal, or command.

sa summarizes the information in the acct file into the savacct and usracct file. It also generates reports about commands, giving the number of invocations, cpu time used, average core usage, etc.

dump-acct dump-utmp display acct and utmp files in a human-readable format.

Источник

How to check user login history in Linux?

Linux is one of the most accepted operating systems for multi-user setup. A multi-user operating system means a system that more than one user can access. These systems are mostly used in servers of large organizations, businesses, government, and educational sectors.

Different users access the multi-user operating system, and to monitor users’ activity, it is important to keep an eye on login history. Login history gives useful information about different users who have accessed the machine, such as username, terminal name, IP address, date, and time of logging in. Moreover, login history also helps to identify different issues, especially for troubleshooting.

This write-up is focusing on an approach to check the user login history. Before getting into that, let’s understand how Linux arrange and manage login data:

How Linux store log files?

Linux (Ubuntu) stores login data into three locations:

• var/log/utmp – It contains information about users who are currently logged in
• var/log/utmw – It contains the history of all logged-in users
• var/log/btmp – It keeps all bad login attempts

All of these files stores login information and login attempts as well.

How to check the login history?

To check the login history, use the following command:

It gives information about all the users who logged in successfully. It searches through the “var/log/utmw” file and displays the history of all users who have logged in since creating the file.

The above output shows that the different users connected to the server from a machine with IP “192.168.8.113”, “pts/1” indicate that the server was accessed via SSH.

How to check the login history of a specific user?

To check the login history of a specific user, uses the “last” command with the username of that particular user:

I am checking for “martin”; the command would be:

How to check the specific number of logins?

If numerous people are accessing the server, then the login history would be huge. To trim the number of logins, follow the below-mentioned syntax:

Replace “X” with the number of logins you want to display as standard output:

You can also use it with a specific username:

How to check bad login attempts:

As discussed above that Linux also keeps the information of bad login attempts. To display it, use the command given below:

Observing bad login attempts is very critical for security reasons of the server. You can easily identify an unknown IP address that is probably trying to access the server.

Conclusion:

Linux is the most preferred operating system for servers in many businesses because it is a secure multi-user platform. Many users access a server, and to keep a check on user activity, we need user login information. In this guide, we learned how to examine user login history in Linux. Moreover, we also analyzed how bad attempts can be tackled to secure the server. We used the “last” command, but another tool called “aureport” tracks successful and failed logins.

About the author

Sam U

I am a professional graphics designer with over 6 years of experience. Currently doing research in virtual reality, augmented reality and mixed reality.
I hardly watch movies but love to read tech related books and articles.

Источник

Where are ALL ubuntu logs/terminal history stored

In what folders are the logs and key histories stored so that I may make a script to purge them. Is there a specific folder for the hibernation partition or a file by which it keeps the RAM data on hibernate? Is someone wanted to get rid of all command history/program load history/program execution history, where would they go?

4 Answers 4

There are a lot of places where things get logged, and it will be very diffucult to be exhaustive, depending on what applications you use. That said, here are the main places I can think of:

• most system logs go into /var/log
• firefox stores your history, cookies, etc. in ~/.mozilla/firefox This can be purged from Firefox (shift+ctrl+suppr)
• zeitgeist is an history daemon, that populates the dash recent history. It can be purged from the privacy settings
• terminal command history is saved on a per-user basis in ~/.bash_history Deleting this file will remove this history.
• gnome applications (gedit, nautilus, etc. ) store recently used files in ~/.local/share/recently-used.xbel This file can be deleted if needed.

These are the main places I can think of, but any application can log things in various places. so it really depends on what logs you want to remove.

As mentionned by MrVaykadji, BleachBit is a GPL software that automates such cleansing task, and let you delete «log files» for a wide variety of known softwares. You can also easily add new cleaners with simple xml files. Might be what you are (ware) looking for!

Источник