Check the SSH commands run by users

If you are giving Shell access to your web hosting users you might want to check what commands they are using. In cPanel, there is a file in the user’s home directory that keeps the SSH history.

The file is /home/username/.bash_history
The dot in from of the filename means the file is hidden. You can use the cat command to see the file content:

cat /home/username/.bash_history

root@web [/home/test]# cat .bash_history
#1521029684
exit
#1584542216
ls
#1584542218
w
#1584542219
top
#1584542230
free -m
#1584542234
uptime
#1584542238
cd /
#1584542240
ls
#1584542251
du -sh /home
#1584542267
du -sh /home/test
#1584542281
exit
root@web [/home/test]#

Notice that the .bash_history file is owned by the user, so the user can modify it anytime.

Epoch Time converter

The lines starting with # contain the time (in Unix/Epoch Time format) when the command was run. Below we put a link to a site where you can convert the Unix Time to human-readable time. Or more easily you can use the date command:

root@web [/home/test]# date -d @1584543556
Wed Mar 18 09:59:16 CDT 2020
root@web [/home/test]#

Resources:
Wikipedia Unix Time/Epoch Time
Epoch Time Converter