====== Linux - Sudo - Sudoers - Record tty commands run by a ldap user after sudo to a service account and store them to a file ======

Example:

<code bash>
[user@test1] / # sudo su - oracle
[oracle@test1] /home/oracle # hostname
test1
[oracle@test1] /home/oracle # pwd
/home/oracle
</code>

How to have sudo store these commands (hostname, pwd, etc) to a file after a user sudo to service account (oracle, etc) and run commands as that service account on a server?

----

===== Solution =====

First, create a log directory and set the sticky bit on it.

<code bash>
sudo mkdir -p /var/log/users_historylogs/
sudo chmod +t  /var/log/users_historylogs/ 
</code>

Next, create a new script file under **/etc/profile.d/** directory.

<code bash>
sudo vi /etc/profile.d/history_log.sh
</code>

And add the below content at the bottom, save, and exit.

<file bash /etc/profile.d/history_log.sh>
_who_am_i=$(whoami|awk '{print $1}')
_ID=$(id -u $_who_am_i)
 
if [ "$_ID" > 0 ]
then
export HISTSIZE=10000
export HISTTIMEFORMAT='%F %T '
export HISTFILE=/var/log/users_historylogs/history-users-$(whoami | awk '{print $1}';exit)-$(date +%F)
export PROMPT_COMMAND='history -a'
fi
</file>

Set the permission and enable the script.

<code bash>
chmod 770 /etc/profile.d/history_log.sh
source /etc/profile.d/history_log.sh
</code>

Now all user executed commands history saved to log file…