I have provided sudo
to ten users to become another user like nsup
.
I want to track which user executes which command after they become nsup
.
If there is a way to store the log files in a common file that would be great.
I have tried looking at /var/log/secure
, but from there I cannot distinguish which user executed which command after they became nsup
. It shows only which user executed the command to become nsup
, and nothing beyond that.
Best Answer
If your users use bash, you can use an /etc/bash.bash_logout script to save an extra copy of the history in time-stamped format.
For example, I wrote the following to provide an audit-trail of who did what and when (on a server with multiple sudo users), and also to preserve history in case the machine was broken into: