How to log all commands for ssh users

[Aerosol]

For the begin you should add the next code in a file named log_users:

#!/bin/bash
# Author razvan1
# If have any issues send an PM on hackyard.net/forum

FILE=/etc/bash.bashrc
FILE1=/etc/rsyslog.d/bash.conf
FILE2=/etc/init.d/rsyslog
FILE3=/etc/logrotate.d/rsyslog

if [ -f $FILE ]; then
   echo "export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )[$RETRN_VAL]"'" >> /etc/bash.bashrc
else
   echo "File $FILE does not exists"
   exit 0
fi

if [ -f $FILE1 ]; then
   echo "File $FILE1 exists. Delete it"
   exit 0
else
   touch /var/log/commands.log
   echo "local6.* /var/log/commands.log" >> /etc/rsyslog.d/bash.conf
fi

if [ -f $FILE3 ]; then
   sed '/"\var\log\messages"/a "\var\log\commands.log"' $FILE3
else
   echo "File $FILE3 does not exists"
   exit 0
fi

if [ -f $FILE2 ]; then
   service rsyslog restart
else
   echo "File $FILE2 does not exists. Install? [y/N]"
        read -p "Install rsyslog? [y/N] " -n 1 -r
        echo
        if [[ $REPLY =~ ^[Yy]$ ]]
        then
           apt-get install rsyslog -y
        else
           exit 0
        fi
fi

After proceed this step use the command chmod +x log_users to be able to run the script and enjoy it

Author: razvan1@hy