by dijit 1509 days ago
> I hope and presume they had much better monitoring than scanning bash history, but I'm not bet-my-career confident of that.

bash has an "audit" function which is normally compiled out.

https://git.savannah.gnu.org/cgit/bash.git/tree/configure#n1...

When enabled it logs to syslog.

1 comments

Enterprises that require logging of user actions will very likely not be doing it at the shell level, either through compiled-in options or shell history.

Instead, the kernel has built-in functionality called Auditd[0], which is capable of logging any and all executions, file or socket accesses, and much more, along with included tooling for quickly finding and alerting on events[3].

Further, if terminal logging or playback is really required (usually not), it's generally done through PAM with tlog[1]. Red Hat 8 and above come with built-in tlog support[2].

[0] https://access.redhat.com/documentation/en-us/red_hat_enterp...

[1] https://github.com/Scribery/tlog/blob/main/README.md

[2] https://access.redhat.com/documentation/en-us/red_hat_enterp...

[3] https://wiki.archlinux.org/title/Audit_framework