I want to monitor
I have 3 user in my linux machine let's say a,b,c .By Using last command I am able to identify list of last logged in user and by w command who is logged in and what they are doing and by history command all command used by particular user all will be shown.
Now I want to write shell script which will show how much time ideal,how much they are logged in and how much command they have run for each user.
How to do this? To Monitor user
All user session start/stop logs will be logged to /var/log/secure or /var/log/auth.log, depending on which distro you're using. You can easily parse that file to identify sign in/out times for each user.
Regarding reporting on commands run, Linux systems don't log this unless you specifically configure some sort of command auditing.
As mentioned in previous answer, you can use Linux audit system together with pam_tty_audit PAM module to audit specified users. The module works with the auditd daemon, so make sure it is enabled before configuring the module. The module records the exact keystrokes the user makes into the /var/log/audit/audit.log file. By default, it does NOT log keystrokes when the TTY is in password entry mode.
Assuming you are running on RHEL6, the module should be configured in/etc/pam.d/password-auth and /etc/pam.d/session-auth files by adding the following stanza to them:
session required pam_tty_audit.so disable=* enable=a,b,c
You can then read the audit log file with reporting tool aureport:
aureport --tty -ts today
aureport --tty
