0

I am trying to create an audit file. I have seen you can use history to see what commands have been executed.

This can be modified to show the timestamps and other features such as blocking specific commands from being shown in tutorials, but I am finding it is not working as featured in the tutorials

adds time:

export HISTTIMEFORMAT='%F %T  '

supposed to remove ls, pwd, cd and date:

export HISTIGNORE='ls:pwd:date:cd:'

history output after entering these commands:

 2077  2020-04-30 11:47:25 export HISTIGNORE='ls:pwd:date:cd:'
 2078  2020-04-30 11:47:33 cd ..
 2079  2020-04-30 11:47:41 history
 2080  2020-04-30 11:48:25 cd a2
 2081  2020-04-30 11:48:32 cd a2
 2082  2020-04-30 11:48:38 history

Am I viewing dated tutorials or have I messed up the command?

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
throwaway56786897
  • 13

2 Answers2

1

Your cd commands are not ignored because your HISTIGNORE pattern contains only cd; the bash manual states, in part, for HISTIGNORE:

Each pattern is anchored at the beginning of the line and must match the complete line (no implicit ‘*’ is appended)

You might be interested in setting HISTIGNORE to include cd and cd * (as well as ls and ls *) to cover the cases you showed.

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
  • Other examples on the site: https://unix.stackexchange.com/questions/32460/excluding-some-of-the-commands-from-being-getting-stored-in-bash-history and https://unix.stackexchange.com/questions/352557/second-terminal-without-history/352560#352560 – Jeff Schaller Apr 30 '20 at 12:17
  • Ahh ok. Is there a way to see a list of the current modifications made to the history command? – throwaway56786897 Apr 30 '20 at 12:21
  • The current values of the "HIST*" variables will show you the modifications being applied. If you meant "what were the previous values of those variables" then you'd have to hope that those were saved in the shell history. Previously-ignored commands will not show up in the shell history. – Jeff Schaller Apr 30 '20 at 12:22
-1

You can try:

  1. Open the /etc/profile in editable mode, since it is readonly.

  2. Define following two variables and save the file:

HISTTIMEFORMAT='%d-%m-%y %T '

HISTIGNORE='ls:pwd:date:cd'

  1. source /etc/profile

This applies globally, if you want only for your user then follow the same steps at ~/.bash_profile.

Good luck

Rasulli
  • 101
  • The OP gave no indication that /etc/profile was readonly. Perhaps you meant that it's usually owned by root? It's also not a good file to edit for local user customizations. Your ~/.bash_profile is the right file, but your proposal doesn't fix the issue. – Jeff Schaller May 01 '20 at 13:19