0

I have a requirement: I need to print a specific message whenever a Unix command is run by any user. For example, if someone runs the cat command, or if the cat command gets executed on the command line, I need a custom message on the terminal.

Randeep Singh
  • I'd consider asking this at [unix.se], as it's less a question about software development and more a question about system configuration and monitoring. (Now, if you'd already decided on an approach, and wanted help with a specific issue encountered during development of a shim program, a tool to parse sysdig output, or another specific software development issue encountered while trying to implement a tool for this purpose, that could well be on-topic here). – Charles Duffy Jun 05 '18 at 16:39
  • I hope this will help you https://stackoverflow.com/questions/5750450/bash-print-each-command-before-executing – Wellwisher Jun 05 '18 at 16:45
  • @Wellwisher, the OP here wants something that applies across an entire system (across multiple user accounts, etc). – Charles Duffy Jun 05 '18 at 16:52

3 Answers

3

Use sysdig:

sysdig -c spy_users

Alternative 1

Execute w with watch:

watch -n 0.5 w -h
  • w shows you what the users actually do
  • watch calls a command (w in this case) repeatedly in a user-given time interval (0.5 seconds in this case)

Alternative 2

Look in the user's shell history, e.g. .bash_history:

tail -f /home/userxyz/.bash_history
Rene Knop
  • The `sysdig` approach here is the only one that is not either race-prone or limited to only showing commands started under very specific circumstances. I would suggest showing it first, if retaining the other "options" at all. – Charles Duffy Jun 05 '18 at 17:00
0

Remove cat from your search path and replace it with your wrapper script. Put the original command somewhere else. Make sure you handle exit codes properly.

  • You might make this more explicit -- ie. show the actual commands (`mv /usr/bin/cat{,_real}` `cat >/usr/bin/cat </dev/null 2>&1` `exec /usr/bin/cat_real "$@"` `EOF`, or whatnot). – Charles Duffy Jun 05 '18 at 17:06
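
The wrapper approach from the answer above, as an added example that is not part of the original posts: it builds the wrapper in a temporary directory against a constructed stand-in for the relocated binary, so nothing under /usr/bin is touched. The names `quote`, `make_wrapper` and `run_demo`, the notice text and the stand-in `cat_real` script are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: wrapper around a relocated command, built in a temp dir.

# quote STRING: emit STRING as one single-quoted shell word.
quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# make_wrapper REAL WRAPPER MESSAGE
# Writes a wrapper that prints MESSAGE on stderr (stdout stays clean for
# pipelines), then exec's REAL with the caller's arguments. Because of
# exec, the caller receives REAL's exit status and signals directly.
make_wrapper() {
    {
        printf '%s\n' '#!/bin/sh'
        printf 'printf "%%s\\n" %s >&2\n' "$(quote "$3")"
        printf 'exec %s "$@"\n' "$(quote "$1")"
    } >"$2"
    chmod 755 "$2"
}

# run_demo: wraps a constructed stand-in for the real binary and records
# what a caller of the wrapper observes in DEMO_OUT, DEMO_ERR, DEMO_STATUS.
run_demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-in (plays the role of /usr/bin/cat_real): prints
    # each argument in brackets and exits with status 3.
    printf '%s\n' '#!/bin/sh' 'printf "[%s]" "$@"' 'exit 3' >"$dir/cat_real"
    chmod 755 "$dir/cat_real"
    make_wrapper "$dir/cat_real" "$dir/cat" "NOTICE: use of 'cat' is monitored"
    DEMO_STATUS=0
    "$dir/cat" "a b" "it's" >"$dir/out" 2>"$dir/err" || DEMO_STATUS=$?
    DEMO_OUT=$(cat "$dir/out")
    DEMO_ERR=$(cat "$dir/err")
    rm -rf "$dir"
}

run_demo
printf 'stdout: %s\nstderr: %s\nstatus: %s\n' "$DEMO_OUT" "$DEMO_ERR" "$DEMO_STATUS"
```

On a real system a package upgrade will overwrite a replaced /usr/bin/cat, and anything that calls the relocated binary by its new path never shows the message, which is why the sysdig, process accounting and auditd approaches on this page are the more reliable record of what was run.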
0

You can install the package "psacct" / "acct"

apt-get install acct
or
yum install psacct

Enable it using

systemctl enable psacct
systemctl start psacct

and now you can check everything a user runs on the system.

ac user
ac -d user
lastcomm
lastcomm user

Also check out "auditd" for more auditing and logging of events.

akjprajapati