linux bash shell logging command

How to log every single command executed from Shell script?


I am trying to find a way to record every single command that is executed by any user on the system.

Things that I have come across earlier.

First, it is possible to view shell commands executed from the terminal using ~/.bashrc_history file.

There is a catch here: it logs only those commands which were executed interactively from bash, shell, terminal.

This solves one of my problems. But in addition to it, I would also like to log those commands which were executed as a part of the shell script.

Note: I don't have control over shell script. Therefore, adding verbose mode like

#!/bin/bash -xe
is not possible.

However, it can be assumed that I have root access as a system administrator.

E.g.: I have another user who has access to the system, and he runs the following shell script from his account.

#!/bin/sh
nmap google.com

and runs it as $ sh script.sh.

Now, what I want is that the nmap google.com command should be logged somewhere once this file is executed.

I would like to clarify that users are unaware that they are being monitored. So I need a solution at the system level, maybe an agent running as root. I cannot depend on the user to log suspicious activity. Of course everyone will avoid such tricks to put the blame on someone else if they do something fishy or wrong.

Thanks in advance. Even a small help is appreciated.


Solution

  • I am aware that you were asking for Bash and Shell scripting and tagged your question accordingly, but with respect to your requirements

    I am under the assumption that you are looking for Audit Logging.

    So you may take advantage of articles like
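
The Linux audit subsystem that the answer points to can record every execve() call, including those made from inside a script, without touching the script. The following is an added example, not part of the original post: it assumes an auditd rule like the one in the comment (the key name exec_log and all sample records are constructed) and rebuilds the per-user command lines from the resulting log.

```python
import re
from collections import defaultdict

# Constructed sample in the format auditd writes to /var/log/audit/audit.log
# for a rule such as:  -a always,exit -F arch=b64 -S execve -k exec_log
# ("exec_log" is a hypothetical key name). Event 101 is `sh script.sh`,
# 102 is the nmap call made by the script, 103 is a command run as root
# by the same login user (auid is kept across su/sudo). In 103, a2 is
# hex-encoded, which auditd does for arguments that contain spaces.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.100:101): arch=c000003e syscall=59 success=yes pid=2001 auid=1001 uid=1001 comm="sh" exe="/usr/bin/dash" key="exec_log"
type=EXECVE msg=audit(1700000000.100:101): argc=2 a0="sh" a1="script.sh"
type=SYSCALL msg=audit(1700000000.200:102): arch=c000003e syscall=59 success=yes pid=2002 auid=1001 uid=1001 comm="nmap" exe="/usr/bin/nmap" key="exec_log"
type=EXECVE msg=audit(1700000000.200:102): argc=2 a0="nmap" a1="google.com"
type=SYSCALL msg=audit(1700000000.300:103): arch=c000003e syscall=59 success=yes pid=2003 auid=1001 uid=0 comm="sh" exe="/usr/bin/dash" key="exec_log"
type=EXECVE msg=audit(1700000000.300:103): argc=3 a0="sh" a1="-c" a2=6563686F206869
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(value):
    # Quoted values are literal; unquoted argument values are hex-encoded.
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def commands(log_text):
    # Join the SYSCALL record (who) and EXECVE record (what) of each event.
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = dict(FIELD.findall(body))
        if rtype == "SYSCALL":
            events[int(serial)].update(time=float(ts), auid=fields.get("auid"), uid=fields.get("uid"))
        elif rtype == "EXECVE":
            argc = int(fields.get("argc", 0))
            events[int(serial)]["argv"] = [decode_arg(fields[f"a{i}"]) for i in range(argc) if f"a{i}" in fields]
    return [e for _, e in sorted(events.items()) if "argv" in e and "auid" in e]

if __name__ == "__main__":
    for e in commands(SAMPLE_LOG):
        print(e["time"], "auid=" + e["auid"], "uid=" + e["uid"], " ".join(e["argv"]))
```
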