How to view command history of another user in Linux?

Solution 1:

On Debian-based operating systems, doing tail /var/log/auth.log | grep username should give you a user's sudo history. I don't believe there is a way to get a unified command history of a user's normal + sudo commands.

On RHEL-based operating systems, you would need to check /var/log/secure instead of /var/log/auth.log.

Solution 2:

Just tested the following, and it worked like a charm.

sudo vim /home/USER_YOU_WANT_TO_VIEW/.bash_history

Solution 3:

Use the command below:

sysdig -c spy_users

If sysdig is not installed, install it here.

Solution 4:

If the user issued a command as in sudo somecommand, the command will appear in the system log.

If the user spawned a shell with, e.g., sudo -s, sudo su, sudo sh, etc., then the command may appear in the history of the root user, that is, in /root/.bash_history or similar.
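
The sudo log records described in Solutions 1 and 4 can be turned into a per-user audit trail. This is an added example, not part of the original answers; it assumes sudo's default syslog record layout, and the log lines in SAMPLE are constructed.

```python
import os
import re

# "<timestamp> <host> sudo: <user> : [note ; ]TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
LINE_RE = re.compile(
    r"^(?P<ts>.+?)\s+(?P<host>\S+)\s+sudo(?:\[\d+\])?:\s+(?P<user>\S+)\s+:\s+(?P<rest>.*)$"
)
# Basenames that hand the user an interactive shell (sudo -s, sudo su, sudo sh ...).
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "su"}

# Constructed sample of /var/log/auth.log content (not taken from a real host).
SAMPLE = """\
Jan 10 09:14:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Jan 10 09:14:02 web01 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Jan 10 09:20:41 web01 sudo:      bob : TTY=pts/1 ; PWD=/srv ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jan 10 09:31:17 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 10 09:45:53 web01 sudo:    alice : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
Jan 10 09:50:00 web01 sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

def parse_sudo_line(line):
    """Return a dict for one sudo command record, or None for any other line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m or "COMMAND=" not in m["rest"]:
        return None
    head, command = m["rest"].split("COMMAND=", 1)
    parts = [p.strip() for p in head.split(" ; ") if p.strip()]
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    notes = [p for p in parts if "=" not in p]  # e.g. "3 incorrect password attempts"
    argv = command.split()
    return {
        "ts": m["ts"], "user": m["user"], "run_as": fields.get("USER"),
        "pwd": fields.get("PWD"), "command": command,
        "failure": notes[0] if notes else None,
        # After a shell is spawned, later commands are not in this log;
        # look in the target user's shell history instead (Solution 4).
        "spawns_shell": bool(argv) and os.path.basename(argv[0]) in SHELLS,
    }

def sudo_history(lines, username):
    """All sudo command records issued by `username`, in log order."""
    records = (parse_sudo_line(l) for l in lines)
    return [r for r in records if r and r["user"] == username]

if __name__ == "__main__":
    for r in sudo_history(SAMPLE.splitlines(), "alice"):
        flag = "FAILED" if r["failure"] else ("SHELL" if r["spawns_shell"] else "ok")
        print(f'{r["ts"]}  {r["user"]} -> {r["run_as"]}  [{flag}]  {r["command"]}')
```

For rotated, gzipped logs, feed the function lines from gzip.open(path, "rt") instead of a plain file.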

Solution 5:

# zless /var/log/auth* is your friend here. It opens even the gzipped files. You can jump between those with :n forwards or :p backwards.

Alternatively, you can use # journalctl -f -l SYSLOG_FACILITY=10 for instance. Read more about this on the Arch Linux wiki.