Situation
Multi-user servers have always caused problems for sysadmins.
Below I will show you a method for monitoring all the commands users run over ssh.
Solution
1) Create a new file named ssh_log.sh
vi ssh_log.sh
2) Paste the script below into ssh_log.sh.
#!/bin/bash
# Files this script reads or modifies
FILE=/etc/bash.bashrc
FILE1=/etc/rsyslog.d/bash.conf
FILE2=/etc/init.d/rsyslog
FILE3=/etc/logrotate.d/rsyslog

# Log every interactive command, with its exit status, to syslog facility local6
if [ -f "$FILE" ]; then
    # Quoted heredoc: $?, $$ and $(...) must reach bash.bashrc literally, not be expanded here
    cat >> "$FILE" <<'EOF'
export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )[$RETRN_VAL]"'
EOF
else
    echo "File $FILE does not exist"
    exit 1
fi

# Route local6 messages to a dedicated log file
if [ -f "$FILE1" ]; then
    echo "File $FILE1 exists. Delete it"
    exit 1
else
    touch /var/log/commands.log
    echo "local6.* /var/log/commands.log" >> "$FILE1"
fi

# Rotate the new log together with /var/log/messages (-i edits the file in place)
if [ -f "$FILE3" ]; then
    sed -i '\|/var/log/messages|a /var/log/commands.log' "$FILE3"
else
    echo "File $FILE3 does not exist"
    exit 1
fi

# Restart rsyslog so it picks up the new rule, or offer to install it
if [ -f "$FILE2" ]; then
    service rsyslog restart
else
    echo "File $FILE2 does not exist."
    read -p "Install rsyslog? [y/N] " -n 1 -r
    echo
    if [[ $REPLY =~ ^[Yy]$ ]]; then
        apt-get install rsyslog -y
    else
        exit 0
    fi
fi
3) After saving the file, run chmod +x ssh_log.sh (this grants execute permission)
4) Run the script with the command ./ssh_log.sh
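Once the script has run, /var/log/commands.log receives one line per command. The functions below are an added example, not part of the original script: they split those lines into user, shell PID, exit status and command, and list the commands that failed. The log layout (rsyslog's traditional file format) and the sample lines are assumptions constructed for illustration.

```shell
# Added example: split lines produced by the PROMPT_COMMAND logger into
# tab-separated fields: user, shell PID, exit status, command.
# Assumed layout (rsyslog traditional file format):
#   <timestamp> <host> <tag>: <user> [<pid>]: <command>[<status>]

# Constructed sample lines, not taken from a real system.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:02 web01 alice: alice [2143]: ls -la[0]
Mar  3 10:15:09 web01 alice: alice [2143]: cat /etc/shadow[1]
Mar  3 10:16:40 web01 bob: bob [2290]: echo a[1] [0]
Mar  3 10:17:01 web01 CRON[2301]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:17:15 web01 bob: bob [2290]: [ -r /etc/sudoers ][1]
EOF
}

parse_cmdlog() {
    awk '
    {
        # Leftmost "<user> [<pid>]: " is the prefix the logger call wrote.
        if (!match($0, /: [^ ]+ \[[0-9]+\]: /)) next
        head = substr($0, RSTART + 2, RLENGTH - 4)
        rest = substr($0, RSTART + RLENGTH)
        split(head, f, " ")
        pid = substr(f[2], 2, length(f[2]) - 2)
        # The exit status is the last [N] on the line; brackets that
        # belong to the command itself stay in the command field.
        if (!match(rest, /\[[0-9]+\]$/)) next
        rc  = substr(rest, RSTART + 1, RLENGTH - 2)
        cmd = substr(rest, 1, RSTART - 1)
        sub(/[ \t]+$/, "", cmd)
        printf "%s\t%s\t%s\t%s\n", f[1], pid, rc, cmd
    }'
}

# Commands that returned a non-zero status (denied reads, failed tests, ...).
failed_commands() {
    parse_cmdlog | awk -F "\t" '$3 != 0'
}

# On a configured host: failed_commands < /var/log/commands.log
sample_log | failed_commands
```

PROMPT_COMMAND lives in the user's own shell environment, so a user can unset it or start a different shell; the log records what cooperative sessions ran and should be read with that limit in mind.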