Hi,
This is a tricky one.
From history output the below command gives something that I consider an acceptable solution.
history | awk ' { print $2 } ' | sort | uniq -c
It does not account for commands typed differently but clearly identical, such as mv and /usr/bin/mv; it will falsely count variable assignments such as NAMES='John Smith'; it will clobber HERE commands spread over several lines and piped commands on one line, ... And it supposes that history output has not been customized, so that the command is just preceded by the command number.
Regards,
Tshimanga
TM, that's certainly a fantastic attempt that
you've made. However, your beautiful construct
appears to only be providing me with executable
files that have been run for a single user - the
user that runs your command.
I'm looking for a command that will display/list
ALL executable files that have ever been run
on my Linux system.
Thank you for what you did provide. That will
be a very nice addition to my knowledgebase!
Run the following commands:
sudo aureport --start this-year -x | grep "^[0-9]." | awk '{print $4}' | sort | uniq -c
The breakdown of commands is:
aureport - produces a report about executables for the specified time period. You can set this date to the date of the setup of the host machine.
grep "^[0-9]." - finds all the lines that begin with a number, to avoid empty lines, comments and headers.
awk '{print $4}' - prints the name of the executables that have been run on each line.
sort - sorts the lines in order
uniq -c - counts the occurrences of unique lines.
The output will produce a list of executables and the number of times they have been run for the specified time period. In this example, the current year:
(edited output)
648 /usr/bin/su
8328 /usr/bin/sudo
89 /usr/bin/systemctl
My output does seem to have some anomalies, though. For example, grep only shows as being run once. This is incorrect as it was run many times when working on this solution.
So, some further work is required on this problem!
Hi @Ad_astra,
This one is good.
I have run the below command on one of my Rocky Linux 9.2 VMs, and I have realized that it does not include some commands that I know I had run as root. Commands such as dnf, mv, cp that clearly appear in root's history.
aureport --start 05/15/23 13:00:00 -x | grep '^[0-9].' | awk ' { print $4 } ' | sort | uniq -c
With 2023-05-16 13:20:13.854662000 +0100 being the birth of / obtained with command "stat /".
Maybe @Trevor can just post his solution.
Regards,
Tshimanga
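
Added example, not written by anyone in this thread: aureport -x can only count executables named in events that auditd actually recorded, which is consistent with the gaps reported above (grep counted once; dnf, mv and cp missing). Assuming an execve audit rule is loaded with the hypothetical key exec_log, this script counts successful executions per executable across all users from raw audit records; the log lines are constructed samples.

```shell
#!/bin/sh
# Assumed rule (not from the thread; the key name exec_log is hypothetical):
#   auditctl -a always,exit -F arch=b64 -S execve -k exec_log
export LC_ALL=C   # deterministic sort order

# Constructed, abbreviated records in /var/log/audit/audit.log format.
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1684155601.101:201): arch=c000003e syscall=59 success=yes exit=0 pid=1301 auid=1000 uid=1000 comm="grep" exe="/usr/bin/grep" key="exec_log"
type=SYSCALL msg=audit(1684155602.214:202): arch=c000003e syscall=59 success=yes exit=0 pid=1302 auid=1000 uid=1000 comm="grep" exe="/usr/bin/grep" key="exec_log"
type=SYSCALL msg=audit(1684155603.330:203): arch=c000003e syscall=59 success=yes exit=0 pid=1303 auid=1001 uid=1001 comm="grep" exe="/usr/bin/grep" key="exec_log"
type=SYSCALL msg=audit(1684155604.412:204): arch=c000003e syscall=59 success=yes exit=0 pid=1304 auid=1000 uid=0 comm="dnf" exe="/usr/bin/dnf" key="exec_log"
type=SYSCALL msg=audit(1684155605.518:205): arch=c000003e syscall=59 success=yes exit=0 pid=1305 auid=1000 uid=0 comm="mv" exe="/usr/bin/mv" key="exec_log"
type=SYSCALL msg=audit(1684155606.620:206): arch=c000003e syscall=59 success=no exit=-2 pid=1306 auid=1000 uid=1000 comm="bash" exe="/usr/bin/bash" key="exec_log"
type=SYSCALL msg=audit(1684155607.731:207): arch=c000003e syscall=227 success=yes exit=0 pid=900 auid=4294967295 uid=0 comm="chronyd" exe="/usr/sbin/chronyd" key="time_change"
type=USER_CMD msg=audit(1684155608.842:208): pid=1400 uid=1000 auid=1000 msg='cwd="/root" cmd="dnf" exe="/usr/bin/sudo" terminal=pts/0 res=success'
EOF
}

# Read audit records on stdin; print "count path", most frequent first.
count_execs() {
  awk '
    $1 == "type=SYSCALL" {
      ok = 0; tagged = 0; exe = ""
      for (i = 2; i <= NF; i++) {
        if ($i == "success=yes") ok = 1                  # skip failed execve attempts
        else if ($i == "key=\"exec_log\"") tagged = 1    # only records from the assumed rule
        else if ($i ~ /^exe="/) exe = substr($i, 6, length($i) - 6)   # strip exe=" and closing quote
      }
      if (ok && tagged && exe != "") n[exe]++
    }
    END { for (e in n) printf "%d %s\n", n[e], e }
  ' | sort -k1,1nr -k2,2
}

sample_audit_log | count_execs
```

On a live host with such a rule in place, the same function can read the output of sudo ausearch -k exec_log --raw instead of the sample.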