How to log history from all users and customize PS1 for ever user

Share this post on:

How to log history from all users and customize PS1 for ever user

The shell program /bin/bash (hereafter referred to as just “the shell”) uses a collection of startup files to help create an environment. Each file has a specific use and may affect login and interactive environments differently. The files in the /etc directory generally provide global settings. If an equivalent file exists in your home directory it may override the global settings.

An interactive login shell is started after a successful login, using /bin/login, by reading the /etc/passwd file. This shell invocation normally reads /etc/profile and its private equivalent ~/.bash_profile (or ~/.profile if called as /bin/sh) upon startup.

An interactive non-login shell is normally started at the command-line using a shell program (e.g., [prompt]$/bin/bash) or by the /bin/su command. An interactive non-login shell is also started with a terminal program such as xterm or konsole from within a graphical environment. This type of shell invocation normally copies the parent environment and then reads the user’s ~/.bashrc file for additional startup configuration instructions.

A non-interactive shell is usually present when a shell script is running. It is non-interactive because it is processing a script and not waiting for user input between commands. For these shell invocations, only the environment inherited from the parent shell is used.

The file ~/.bash_logout is not used for an invocation of the shell. It is read and executed when a user exits from an interactive login shell.

Many distributions use /etc/bashrc for system wide initialization of non-login shells. This file is usually called from the user’s ~/.bashrc file and is not built directly into bash itself. This convention is followed in this section.

Edit the /etc/profile.d/ with your desired editor, and add the following lines to the initiated file:

PS1="ɢᴏʀᴅᴀʀɢ - ${USER}: \[\033[01;34m\]\w\[\033[00m\]\$ "
export HISTCONTROL=ignoredups:erasedups
export HISTSIZE=100000
export HISTFILESIZE=100000
shopt -s histappend
PROMPT_COMMAND='history -a;history -n'

As mentioned in the quoted documents above from Linux manual, some distros may overwrite /etc/profile with dot files stored in users’ home directory. You may need to disable or edit them: mv ~/.bashrc ~/.bashrc-bak

How to use this

grep -r -H 'auth' /etc/logrotate.d/* | awk -F : ' { print $1 } '
cat /var/log/auth.log | grep 'Accepted password for'
date -d @1706789111
awk '{match($0,/SRC=[0-9]+.[0-9]+.[0-9]+.[0-9]+/); ip = substr($0,RSTART+4,RLENGTH-4); match($0,/DPT=[0-9]{0,5}/); port = substr($0,RSTART+4,RLENGTH-4); print ip,port}' /var/log/ufw.log | sort | uniq -c | sort
Share this post on:

Author: tayyebi

Tayyebi works in the role of Director at Gordarg where he is the founder. He is passionate about people, technology, and arts. Mohammad believes in communications, each of us has the power to empower their people with knowledge. He can be seen writing codes, playing music, biking, and reading.

View all posts by tayyebi >