How to Track Midnight Commander (MC) User Activity: Log Files and Audit Methods for Linux System Administrators



Midnight Commander (MC) doesn't maintain its own comprehensive activity logs by default. Unlike shell history files (e.g., .bash_history), MC wasn't designed with built-in command auditing in mind. This creates visibility gaps for sysadmins monitoring user activities.

When MC usage dominates your environment, consider these monitoring strategies:

# 1. Leverage Linux auditd for MC process tracking
sudo auditctl -a always,exit -F arch=b64 -S execve -F path=/usr/bin/mc

# 2. Monitor configuration changes (write-type events only)
inotifywait -m -r -e modify,create,delete,move ~/.config/mc/ | while read -r path action file; do
    logger -t mc-monitor "Config modified: $file via $action"
done

Paths worth watching:

  • ~/.config/mc/ - Contains user-specific configurations
  • ~/.local/share/mc/history - Limited command history (varies by version)
  • /tmp/mcedit_* - Temporary edit files (can reveal activity patterns)

For environments with strict auditing requirements, implement a wrapper script:

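#!/bin/bash
# mc-wrapper.sh
LOGFILE="/var/log/mc-audit.log"
# MC is a full-screen program, so its own output must stay on the terminal;
# only the wrapper's messages are appended to the log.
{
    echo "[$(date)] MC launched by $USER (PID $$)"
    echo "Command line: $*"
} >> "$LOGFILE" 2>&1
/usr/bin/mc "$@"
status=$?
echo "[$(date)] MC exited (PID $$)" >> "$LOGFILE" 2>&1
exit "$status"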

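Then create an alias in /etc/profile.d/mc-wrapper.sh:

alias mc='/path/to/mc-wrapper.sh'

An alias only applies to shells that source it and is bypassed by running /usr/bin/mc directly, and the log file has to be writable by the users being logged, so treat the wrapper as a convenience record and rely on auditd for tamper-resistant auditing.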

For centralized logging:

  1. Configure rsyslog to forward MC-related events
  2. Integrate with SIEM solutions using custom parsers
  3. Implement eBPF probes for deeper MC process monitoring

Midnight Commander (MC) doesn't maintain a dedicated activity log or command history file by default. Unlike bash's .bash_history, MC wasn't originally designed with comprehensive auditing in mind. When users execute commands through MC's internal shell (F9 → "Shell Command"), these commands typically don't get captured in traditional shell history files.

Since native MC logging is limited, system administrators need to employ alternative methods:

1. System-wide Command Auditing with auditd

Configure Linux audit subsystem to track MC-related processes:

# /etc/audit/rules.d/mc-monitoring.rules
-a always,exit -F path=/usr/bin/mc -F perm=x -k midnight_commander
-a always,exit -F arch=b64 -S execve -F exe=/usr/bin/mc -k mc_commands

View audit logs with:

ausearch -k midnight_commander --raw | aureport -f -i
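
The events tagged by the rules above can also be summarised straight from the raw log. The following is an added example, not from the original article: it joins each SYSCALL record with its EXECVE record by audit event ID, decodes hex-encoded arguments, and keeps only events carrying the keys defined above. The sample records are constructed and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in raw audit.log format (not taken from a real host).
SAMPLE = '''\
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1234 auid=1000 uid=0 gid=0 tty=pts0 ses=3 comm="mc" exe="/usr/bin/mc" key="mc_commands"
type=EXECVE msg=audit(1700000000.123:456): argc=2 a0="mc" a1=2F7372762F6D792066696C6573
type=SYSCALL msg=audit(1700000050.001:460): arch=c000003e syscall=59 success=yes exit=0 ppid=1300 pid=1301 auid=1001 uid=1001 gid=1001 tty=pts1 ses=4 comm="mc" exe="/usr/bin/mc" key="mc_commands"
type=EXECVE msg=audit(1700000050.001:460): argc=1 a0="mc"
type=SYSCALL msg=audit(1700000060.500:461): arch=c000003e syscall=59 success=yes exit=0 ppid=1300 pid=1302 auid=1001 uid=1001 gid=1001 tty=pts1 ses=4 comm="ls" exe="/usr/bin/ls" key="other"
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; a bare hex string is an encoded untrusted string."""
    if value.startswith('"'):
        return value.strip('"')
    if re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', value):
        return bytes.fromhex(value).decode('utf-8', 'replace')
    return value

def mc_launches(log_text, keys=("midnight_commander", "mc_commands")):
    """Return one dict per audit event whose key is in `keys`, oldest first."""
    events = defaultdict(dict)  # (timestamp, serial) -> merged fields
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = dict(FIELD.findall(body))
        ev = events[(float(ts), int(serial))]
        if rtype == "SYSCALL":
            ev.update({k: fields.get(k, "?") for k in ("auid", "uid", "tty")})
            ev["exe"] = decode(fields.get("exe", "?"))
            ev["key"] = decode(fields.get("key", ""))
        elif rtype == "EXECVE":  # only here are bare aN values hex-encoded strings
            argc = int(fields.get("argc", 0))
            ev["argv"] = [decode(fields.get(f"a{i}", "")) for i in range(argc)]
    return [dict(ev, time=ts, serial=serial)
            for (ts, serial), ev in sorted(events.items())
            if ev.get("key") in keys]

if __name__ == "__main__":
    for e in mc_launches(SAMPLE):
        print(e["time"], "auid=" + e["auid"], "uid=" + e["uid"], e["tty"], e.get("argv"))
```

In the first sample event auid is 1000 while uid is 0: the login identity stays attached to the session after a switch to root, which is why auid is the field to attribute activity by.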

2. Enhanced Shell History Capture

Modify bash configuration to capture all terminal activity, including MC shell commands:

# ~/.bashrc or /etc/bash.bashrc
export PROMPT_COMMAND='history -a; history -c; history -r'
export HISTTIMEFORMAT="%F %T "
shopt -s histappend
export HISTCONTROL=ignoredups:erasedups
export HISTSIZE=100000
export HISTFILESIZE=100000

3. Process Monitoring with psacct

Install process accounting tools:

sudo apt install acct    # Debian/Ubuntu
sudo yum install psacct  # RHEL/CentOS

Enable and check process accounting:

sudo systemctl enable --now psacct   # the unit is named "acct" on Debian/Ubuntu
sudo lastcomm mc

For more granular control, you can implement custom logging:

1. Wrapper Script for MC

Create a wrapper that logs MC execution:

#!/bin/bash
LOG_FILE=/var/log/mc-usage.log
# Record timestamp, user and SSH connection details, then hand over to MC
echo "$(date '+%Y-%m-%d %H:%M:%S') - $(whoami) - $SSH_CONNECTION" >> "$LOG_FILE"
/usr/bin/mc "$@"

2. strace Monitoring

For temporary debugging, attach strace to running MC processes:

# Quote the PID list so that several running MC processes are passed to -p as one argument
sudo strace -f -p "$(pgrep -x mc)" -e trace=execve -o /tmp/mc-trace.log

Keep in mind:

  • Privacy regulations may require user notification about monitoring
  • Log files need proper rotation (use logrotate)
  • Consider SELinux/AppArmor constraints when implementing custom solutions