One of the characteristics that lack the history of bash (at least from my point of view) is to know who and what time you execute the command. To fix this there are many solutions, from keyloggers add the system to patch the same source of Bash.
But the other day browsing through a blog I found a solution that I found very good and clean through the same syslog. The idea is to add in some of the startup scripts of users logging a small feature that saves the last command executed in syslog via logger command .
In our case we chose the file / etc / profile and in the end we add the following lines:
better then to review the records, configure the syslogd daemon to separate the records and store them in a separate file. Therefore add the / etc / syslog.conf the following line: # BASH
thing about this solution is that it adds a little more security to the history of the commands. The bash_history is easy to skip if the user at any time during the session run the command: unset
But the other day browsing through a blog I found a solution that I found very good and clean through the same syslog. The idea is to add in some of the startup scripts of users logging a small feature that saves the last command executed in syslog via logger command .
In our case we chose the file / etc / profile and in the end we add the following lines:
declare function
history_to_syslog {cmd = cmd
$ (fc-ln -0) logger-p
local7.notice - SESSION = $ $, WHO = $ (whoami) CMD = $ cmd}
history_to_syslog DEBUG trap
better then to review the records, configure the syslogd daemon to separate the records and store them in a separate file. Therefore add the / etc / syslog.conf the following line: # BASH
For there is also good to add in some lines logrotate to rotate the logs and prevent this file to become very large. For this we can create file / etc / logrotate.d / cmdhist and added the following lines:
local7 .* -/var/log/cmdhist.log
/ var / log / {and with this we recorded the day to date with all the commands executed in the system by identifying the user, the session and time to execute each command.
cmdhist.log
rotate 31 daily compress
missingok
}
thing about this solution is that it adds a little more security to the history of the commands. The bash_history is easy to skip if the user at any time during the session run the command: unset
HISTFILEWith this, the Bash loses the settings where you have to save executed commands, so the log does not save commands executed. The solution to keeping the command go to the syslog , adds a little security in this aspect, because the commands are saved as you go running, so that even the same commands to "erase the traces" are recorded in the same syslog, and even, you can configure the syslog daemon to save the records remotely and thus add a little more certainty on the matter.
0 comments:
Post a Comment