Snoop on all commands fired

Name: Sujan (by Sujan Banerjee)
Date: September 25, 2008 at 02:39:11 Pacific
OS: Solaris 5.8
CPU/Ram: 2GB
Product: Sparc 9
Comment:

Hi All,

Can anybody suggest any script which will secretly copy all commands fired into a file on my multiuser system, with their time, terminal number, user and status (echo $0)?
I know I can use history or last to know commands fired or last successful logins, but I don't want to alert anybody that I am keeping tabs on their commands. Hence I do not want to make (say) /.bash_history uneditable with -rw-r--r-- (let people even delete history or /var/adm/messages with: echo "" > /.bash_history).
The reason is that here other people also have root access and I don't have any control over which shell they use, so I don't want to be held responsible for any mishaps.

I am not good at scripting, but I think the approach should be:
A cron entry with an innocuous name like "date.ksh" will point to my script.
Every 5 minutes it will look into all history files and copy the last commands executed into another file (not sure if tail -f will work).
I dunno how to get the status and terminal and which user fired it.

I think the above is a very basic, crude blueprint; I don't know how to put this in a script.

Thanks a lot in advance for all the help.

Regards



Response Number 1
Name: nails
Date: September 26, 2008 at 10:49:49 Pacific
Reply:

First, the bash/ksh shell history files aren't going to provide all the information you are seeking. The history files contain only the last command executed. And as you alluded to, history files can be edited.

Second, the sort of detailed information you are seeking would probably only be generated by the Unix/Linux kernel.

Solaris provides the Basic Security Module, BSM. You can read about it here:

http://www.sunwizard.net/html/PDFs/...

Google for more information.

Personally, I don't use BSM because it generates a ton of data and tends to be resource intensive.

Also, you'd probably have to parse through the data, gathering what you want.

That's probably not what you wanted to hear.


0
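The parsing step mentioned in the reply above, sketched as an added example that is not part of the original thread: it reads BSM audit text and extracts the time, users, terminal and result of each exec record. It assumes praudit's default one-token-per-line output; the sample records and the function name `parse_exec_records` are constructed for illustration.

```python
# Assumes praudit's default output: one comma-separated token per line.
# SAMPLE is constructed for illustration, not captured from a real host.
SAMPLE = """\
header,120,2,execve(2),,Fri Sep 26 10:49:49 2008, + 130 msec
path,/usr/bin/ls
exec_args,2,ls,-l
subject,alice,root,other,root,other,1402,1380,24 1 host-a
return,success,0
header,98,2,execve(2),,Fri Sep 26 10:50:02 2008, + 410 msec
path,/export/home/bob/run.sh
subject,bob,bob,staff,bob,staff,1410,1391,24 3 host-a
return,failure: Permission denied,-1
header,81,2,login - local,,Fri Sep 26 10:51:00 2008, + 5 msec
subject,bob,bob,staff,bob,staff,1391,1391,24 3 host-a
return,success,0
"""


def parse_exec_records(text):
    """Return one dict per exec record: time, users, terminal, result."""
    records, current = [], None
    for line in text.splitlines():
        fields = line.strip().split(",")
        token = fields[0]
        if token == "header":
            # A header token opens a record; keep only exec/execve events.
            is_exec = len(fields) > 5 and fields[3].startswith("exec")
            current = {"time": fields[5], "args": None} if is_exec else None
        elif current is None:
            continue  # token belongs to a record we are not tracking
        elif token == "path" and len(fields) > 1:
            current.setdefault("path", fields[1])
        elif token == "exec_args":
            # Present only when the argv audit policy is on; naive split,
            # so an argument containing a comma is broken apart.
            current["args"] = fields[2:]
        elif token == "subject" and len(fields) >= 9:
            # audit_user is fixed at login and survives su; effective_user
            # is the identity the process ran with.
            current["audit_user"], current["effective_user"] = fields[1:3]
            current["pid"] = int(fields[6])
            current["terminal"] = fields[8]
        elif token == "return" and len(fields) > 1:
            # Outcome of the exec call itself, not the program's exit status.
            current["result"] = fields[1]
            records.append(current)
            current = None
    return records
```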

Response Number 2
Name: Sujan (by Sujan Banerjee)
Date: September 28, 2008 at 22:11:53 Pacific
Reply:

Hi Nails,

Thanks for the link and the quick response as always.

Hmmm, so it involves burning a lot of midnight oil... I think I need to get down to business then.

Regards and thanks once again


0
