If you are giving Shell access to your web hosting users you might want to check what commands they are using. In cPanel, there is a file in the user’s home directory that keeps the SSH history.
The file is /home/username/.bash_history
The dot in from of the filename means the file is hidden. You can use the cat command to see the file content:
root@web [/home/test]# cat .bash_history #1521029684 exit #1584542216 ls #1584542218 w #1584542219 top #1584542230 free -m #1584542234 uptime #1584542238 cd / #1584542240 ls #1584542251 du -sh /home #1584542267 du -sh /home/test #1584542281 exit root@web [/home/test]#
Notice that the .bash_history file is owned by the user, so the user can modify it anytime.
The lines starting with # contain the time (in Unix/Epoch Time format) when the command was run. Below we put a link to a site where you can convert the Unix Time to human-readable time. Or more easily you can use the date command:
root@web [/home/test]# date -d @1584543556 Wed Mar 18 09:59:16 CDT 2020 root@web [/home/test]#