What if you want to know which commands were executed by any user on a Linux server?
Method 1
Check the .bash_history file in the user's home directory.
NOTE: You will not be able to see the commands executed in the currently logged in session unless the user logs out.
# less /home/deepak/.bash_history
man yum
yum deplist httpd
sud iptables -L
sudo iptables -L
sudo iptables --list
less /etc/sysconfig/iptables
sudo less /etc/sysconfig/iptables
sudo iptables --list WEBSHPHERE
sudo iptables --list INPUT
cd test
Method 2
lastcomm prints out information about previously executed commands. If no arguments are specified, lastcomm will print info about all of the commands in acct (the record file). Process accounting has to be switched on (see accton) before lastcomm has anything to report.
# lastcomm --user deepak
sshd SF deepak __ 0.00 secs Thu Jun 12 03:08
bash deepak pts/11 0.01 secs Thu Jun 12 03:08
clear deepak pts/11 0.00 secs Thu Jun 12 03:30
bash-prompt-xte deepak pts/11 0.00 secs Thu Jun 12 03:30
man deepak pts/11 0.00 secs Thu Jun 12 03:14
sh deepak pts/11 0.00 secs Thu Jun 12 03:14
less deepak pts/11 0.00 secs Thu Jun 12 03:14
bzip2 deepak pts/11 0.00 secs Thu Jun 12 03:14
gunzip deepak pts/11 0.00 secs Thu Jun 12 03:14
bash-prompt-xte deepak pts/11 0.00 secs Thu Jun 12 03:12
bash-prompt-xte deepak pts/11 0.00 secs Thu Jun 12 03:12
lastcomm deepak pts/11 0.00 secs Thu Jun 12 03:12
bash-prompt-xte deepak pts/11 0.00 secs Thu Jun 12 03:09
bash-prompt-xte deepak pts/11 0.00 secs Thu Jun 12 03:09
date deepak pts/11 0.00 secs Thu Jun 12 03:09
For each entry the following information is printed:
+ command name of the process
+ flags, as recorded by the system accounting routines:
    S -- command executed by super-user
    F -- command executed after a fork but without a following exec
    C -- command run in PDP-11 compatibility mode (VAX only)
    D -- command terminated with the generation of a core file
    X -- command was terminated with the signal SIGTERM
+ the name of the user who ran the process
+ time the process exited
Let's reduce the output to the unique commands run by a user, along with a count of each. The example below queries root; substitute deepak or any other user name.
# lastcomm --user root | awk -F " " '{ print $1 }' | sort | uniq --count
3 ac
1 accton
3537 awk
650 basename
17 bash
4 bzip2
11030 cat
5 chmod
1 clear
325 consoletype
1 cp
1591 crond
663 cut
1 date
4 egrep
2754 ethtool
42 find
5 finger
List the time and user details for each run of the rm command:
# lastcomm rm
rm deepak pts/11 0.00 secs Thu Jun 12 03:35
rm deepak pts/11 0.00 secs Thu Jun 12 03:35
rm root pts/5 0.00 secs Thu Jun 12 02:59
rm root pts/5 0.00 secs Thu Jun 12 02:59
rm root __ 0.00 secs Wed Jun 11 23:53
rm root __ 0.00 secs Wed Jun 11 23:53
rm root pts/5 0.00 secs Wed Jun 11 05:59
rm root pts/5 0.00 secs Wed Jun 11 05:59
rm root pts/5 0.00 secs Wed Jun 11 05:59
rm root pts/5 0.00 secs Wed Jun 11 05:59
rm root pts/5 0.00 secs Wed Jun 11 05:58
rm root pts/5 0.00 secs Wed Jun 11 05:58
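The parsing behind Method 2, written as an added example (not from the original article): in lastcomm output the flags column appears only on some lines, so the user name is not always in the same field, and these helpers read each record from the right instead. The function names and sample records are constructed for illustration, and command names are assumed to contain no spaces.

```shell
# Added example. Constructed sample in the page's lastcomm layout (not real data).
sample_lastcomm() {
cat <<'EOF'
sshd SF deepak __ 0.00 secs Thu Jun 12 03:08
bash deepak pts/11 0.01 secs Thu Jun 12 03:08
rm deepak pts/11 0.00 secs Thu Jun 12 03:35
rm deepak pts/11 0.00 secs Thu Jun 12 03:35
rm S root pts/5 0.00 secs Thu Jun 12 02:59
crond SF root __ 0.00 secs Wed Jun 11 23:53
vi X root pts/5 0.00 secs Wed Jun 11 05:59
EOF
}

# Normalise stdin to: user<TAB>command<TAB>flags<TAB>tty<TAB>exit time.
# Every record ends "<n> secs <dow> <mon> <day> <hh:mm>", so fields are read
# from the right; the flags column is present only when there are 10 fields.
lastcomm_normalize() {
    awk '
    NF < 9 || $(NF-4) != "secs" { next }     # not an accounting record
    {
        flags = (NF == 10 && $2 ~ /^[SFCDX]+$/) ? $2 : "-"
        printf "%s\t%s\t%s\t%s\t%s %s %s %s\n",
               $(NF-7), $1, flags, $(NF-6), $(NF-3), $(NF-2), $(NF-1), $NF
    }'
}

# Executions per user and command: "<count> <user> <command>".
count_by_user() {
    lastcomm_normalize |
        awk -F '\t' '{ n[$1 " " $2]++ } END { for (k in n) print n[k], k }' |
        LC_ALL=C sort -t ' ' -k2,2 -k3,3
}

# Who ran a command, on which tty, and when it exited (like "lastcomm rm").
who_ran() {
    lastcomm_normalize |
        awk -F '\t' -v cmd="$1" '$2 == cmd { print $1, $4, $5 }'
}

# Records carrying one accounting flag (S, F, C, D or X).
with_flag() {
    lastcomm_normalize |
        awk -F '\t' -v f="$1" 'index($3, f) { print $1, $2, $3 }'
}

# Stand-alone run on the sample; on a live host pipe lastcomm in instead.
sample_lastcomm | count_by_user
sample_lastcomm | with_flag S
```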
Method 3
sa summarizes information about previously executed commands as recorded in the acct file. In addition, it condenses this data into a summary file named savacct which contains the number of times the command was called and the system resources used. The information can also be summarized on a per-user basis; sa will save this information into a file named usracct.
# sa -u | grep root | awk -F " " '{ print $6 }' | sort | uniq --count
1 accton
423 awk
78 basename
9 bash-prompt-xte
1306 cat
5 chmod
38 consoletype
188 crond
78 cut
532 dhclient-script
325 ethtool
41 find
336 free
2 gconftool-2
593 grep
I would appreciate it if you could post any other relevant commands in the comment section.