AIX, Red Hat, Security, System Admin↑ System-wide separated shell history files for each user and session

Here's how you can set up your /etc/profile in order to create a separate shell history file for each user and each login session. This is very useful when you need to know who exactly ran a specific command at a point in time. For Red Hat Linux, put the updates in either /etc/profile or /etc/bashrc.

Put this in /etc/profile on all servers:

# execute only if interactive
if [ -t 0 -a "${SHELL}" != "/bin/bsh" ]
 d=`date "+%H%M.%m%d%y"`
 t=`tty | cut -c6-`
 u=`who am i | awk '{print $1}'`
 w=`who -ms | awk '{print $NF}' | sed "s/(//g" | sed "s/)//g"`
 y=`tty | cut -c6- | sed "s/\//-/g"`
 mkdir $HOME/.history.$USER 2>/dev/null
 export HISTFILE=$HOME/.history.$USER/.sh_history.$USER.$u.$w.$y.$d
 find $HOME/.history.$USER/.s* -type f -ctime +91 -exec rm {} \; 2>/dev/null

 H=`uname -n | cut -f1 -d'.'`
 if [ ${mywhoami} = "root" ] ; then
  PS1='${USER}@(${H}) ${PWD##/*/} # '
  PS1='${USER}@(${H}) ${PWD##/*/} $ '

# Time out after 60 minutes
# Use readonly if you don't want users to be able to change it.
# readonly TMOUT=3600
export TMOUT

When using ksh, put this in /etc/environment, to turn on time stamped history files:

# Added for extended shell history

When using bash, put this in /etc/bashrc, to enable time-stamped output when running the "history" command:


This way, *every* user on the system will have a separate shell history in the .history directory of their home directory. Each shell history file name shows you which account was used to login, which account was switched to, on which tty this happened, and at what date and time this happened.

Shell history files are also time-stamped internally. For AIX, you can run "fc -t" to show the shell history time-stamped. For Red Hat, you can run: "history". Old shell history files are cleaned up after 3 months, because of the find command in the example above. Plus, user accounts will log out automatically after 60 minutes (3600 seconds) of inactivity, by setting the TMOUT variable to 3600. You can avoid running into a time-out by simply typing "read" or "\" followed by ENTER on the command line, or by adding "TMOUT=0" to a user's .profile, which essentially disables the time-out for that particular user.

One issue that you now may run into on AIX, is that because a separate history file is created for each login session, that it will become difficult to run "fc -t", because the fc command will only list the commands from the current session, and not those written to a different history file. To overcome this issue, you can set the HISTFILE variable to the file you want to run "fc -t" for:

# export HISTFILE=.sh_history.root.user.

Then, to list all the commands for this history file, make sure you start a new shell and run the "fc -t" command:

# ksh "fc -t -10"

This will list the last 10 commands for that history file.

0 (0)
Article Rating (No Votes)
Rate this article
There are no attachments for this article.
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
AIX - How to get CPU infomation
Viewed 5139 times since Fri, Jun 8, 2018
Tunneling With SSH to Your Destination
Viewed 3941 times since Wed, May 30, 2018
A tcpdump Tutorial and Primer with Examples
Viewed 4686 times since Sun, Jun 17, 2018
How to Investigate a System Reboot
Viewed 4382 times since Mon, Jul 16, 2018
Creating Normal,Big,Scalable VG on AIX
Viewed 14305 times since Fri, Feb 1, 2019
What is OS Watcher Utility and How to use it for Database Troubleshooting ?
Viewed 29607 times since Thu, Jun 21, 2018
IBM AIX MPIO: Best practices and considerations
Viewed 10812 times since Wed, May 30, 2018
HOWTO: Implement SEA Failover with Dual VIOS
Viewed 7291 times since Tue, Jun 4, 2019
Manages processor scheduler tunable parameters schedo AIX
Viewed 2425 times since Thu, Sep 20, 2018
How to set Kernel Parameters in AIX ?
Viewed 14347 times since Tue, Jul 2, 2019