Monitor user activity with acct command

All of us who manage servers know that we must control, or at least frequently supervise, everything other users do on the server. There are several ways to keep track of users; today I will show you an application that helps with this: acct

Note: all the following commands are executed as root, hence the lack of sudo.

To install it, install the acct package. In distros like Debian or derivatives:

apt-get install acct

Once installed, we are going to make sure the daemon is active:

service acct start

In distros that use systemd it would be:

systemctl start acct

Well, it is up and running. Now what? 🙂

We have many options now, or rather, many new commands. For example:

Command ac

The ac command gives us connection time information. If we execute it without parameters, it will tell us how long users were logged into the system.

If we execute it with the -d parameter, it will divide the total into days.

The -p parameter, in turn, divides it by user.

And if you want to mix the results, we can see the connection time of a given user divided by days with the command: ac -d the_user

Command sa

This command shows us the commands executed by other users, for example:

sa -u

This will show us the last commands executed by any user on the system.

Command lastcomm

This command shows us the last commands executed by each user. By default it shows the last commands of all users, but we can tell it to show only the commands of a certain user, for example:

lastcomm root

We can also search by command instead of by user:

lastcomm COMMAND

That is:

lastcomm touch
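
An added example (not part of the original post) that turns lastcomm output into per-user command counts and watchlist hits. The sample records and the watchlist are constructed, and the column layout is assumed to match what lastcomm prints on your system.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. The sample is constructed; its
# column layout (command, optional flags, user, tty, CPU secs, start time)
# is assumed to match what lastcomm prints on your system.
# Accounting records hold only the command name, never its arguments.

sample_lastcomm() {
cat <<'EOF'
touch                  alice    pts/1      0.00 secs Mon Mar  4 10:12
useradd           S    root     pts/0      0.01 secs Mon Mar  4 10:10
touch                  alice    pts/1      0.00 secs Mon Mar  4 10:09
bash              F    bob      pts/2      0.00 secs Mon Mar  4 10:05
passwd            S    bob      pts/2      0.02 secs Mon Mar  4 10:04
sshd              SF   root     __         0.00 secs Mon Mar  4 10:01
EOF
}

# Normalise each record to: user <TAB> command <TAB> flags ("-" if none).
# The flags column (S, F, C, D, X) is blank for most processes, so the user
# is field 2 or field 3 depending on the line.
parse_lastcomm() {
  awk '{
    flags = "-"; u = 2
    if (NF >= 10 && $2 ~ /^[SFCDX]+$/) { flags = $2; u = 3 }
    print $u "\t" $1 "\t" flags
  }'
}

# How many times each user ran each command: "user command count".
count_by_user() {
  parse_lastcomm |
    awk -F'\t' '{ n[$1 " " $2]++ } END { for (k in n) print k, n[k] }' |
    LC_ALL=C sort
}

# Report "user:command" for every record whose command is on the watchlist
# given as arguments (hypothetical list; pick the binaries you care about).
watch_hits() {
  parse_lastcomm |
    awk -F'\t' -v w=" $* " 'index(w, " " $2 " ") { print $1 ":" $2 }'
}

# On a live system replace sample_lastcomm with lastcomm.
sample_lastcomm | count_by_user
sample_lastcomm | watch_hits useradd passwd visudo
```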

And here I have finished talking about the commands that we will have available if we install the acct package.

As I said at the beginning, there are several ways to know what a user does or stops doing in the system. We can also always check the .bash_history in the user's home but, as some of you know, the content of the history can be deleted, so the method I present here can be very effective compared to others 😉

Regards


  1.   Jesus Israel Perales Martinez said

    This is very good, I'll try it

  2.   msx said

    Uff, chiché hottie, I didn't know him, big KZ!

    1.    msx said

      ERRATA: chiche 😉

      You may be interested in this other tool similar to acct but oriented to the network use of each logged in user: http://www.pmacct.net/

    2.    KZKG ^ Gaara said

      Thanks, I try to put interesting things ... today I have prepared another very good post 😀

  3.   clow_eriol said

    Very interesting 🙂

  4.   Pablo said

    Ahhh ... the terminal ... there is nothing to give it ...

    1.    taregon said

      It only remains to learn the commands and use them.

      1.    eliotime3000 said

        That's true.

  5.   eliotime3000 said

    The good thing about GNU / Linux is that you don't depend on keyloggers or anything like that. That's what the terminal is for (although it is itself a double-edged tool).

  6.   auroszx said

    I'm going to test it 🙂 For the Archers, the package is in AUR as "acct".