All of us who manage servers know that we must have control or at least frequently supervise all activity that other users do on the server, there are several ways to keep track of users, today I will show you an application that will help us with this: act
To install it you know, install the acct package, in distros like Debian or derivatives:
apt-get install acct
Once installed, we are going to make sure the daemon is active:
service acct start
In distros that use systemd it would be:
systemctl start acct
Well, it is up and running. and now that? 🙂
We have many options now, or rather, many new commands. For example:
Command ac
The ac command gives us connection time information, if we execute it without parameters it will tell us how long users were logged into the system.
If we execute it with the -d parameter it will divide it into days, that is:
While the parameter -p It divides it into users:
And if you want to mix the results, we can see the connection time of each user divided by days with the command: ac -d the_user
Command sa
This command shows us as such other commands executed by other users, for example:
sa -u
This will show us the last commands executed by any user on the system:
Lastcomm command
This command shows us the last commands executed by each user, by default it will show us the last commands of all users, but obviously we can tell it to show us only the commands of a certain user, for example:
lastcomm root
And we can also search instead of by user, search by command:
lastcomm COMANDO
That is:
lastcomm touch
And here I have finished talking about the commands that we will have available if we install the acct package
As I said at the beginning, there are several ways to know what a user does or stops doing in the system, we can also always check the .bash_history of his home but, as some should know, the content of the history can be deleted so, method that I present here can be very effective compared to others 😉
regards
This is very good, I'll try it
Uff, chiché hottie, I didn't know him, big KZ!
ERRATA: chiche 😉
You may be interested in this other tool similar to acct but oriented to the network use of each logged in user: http://www.pmacct.net/
Thanks, I try to put interesting things ... today I have prepared another very good post 😀
Very interesting 🙂
Ahhh ... the terminal ... there is nothing to give it ...
It only remains to learn the commands and use them.
That's true.
The good thing about GNU / Linux is that you don't depend on keyloggers or anything like that. That's what the terminal is for (although it is itself a double-edged tool).
I'm going to test it 🙂 For the Archers, the package is in AUR as "acct".