Cum sa logam toate comenzile ssh ale userilor

Configurare noua (How To)

Situatie

Serverele cu multi utilizatori au creeat mereu probleme pentru sysadmini.
Mai jos am sa va ofer o metoda de a monitoriza toate comenzile userilor din ssh.

Solutie

1) Se creeaza un document nou cu numele ssh_log.sh
vi ssh_log.sh

2) Se introduce in fisierul ssh_log.sh scriptul de mai jos.

#!/bin/bash

FILE=/etc/bash.bashrc
FILE1=/etc/rsyslog.d/bash.conf
FILE2=/etc/init.d/rsyslog
FILE3=/etc/logrotate.d/rsyslog

if [ -f $FILE ]; then
   echo "export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]+[ ]*//" )[$RETRN_VAL]"'" >> /etc/bash.bashrc
else
   echo "File $FILE does not exists"
   exit 0
fi

if [ -f $FILE1 ]; then
   echo "File $FILE1 exists. Delete it"
   exit 0
else
   touch /var/log/commands.log
   echo "local6.* /var/log/commands.log" >> /etc/rsyslog.d/bash.conf
fi

if [ -f $FILE3 ]; then
   sed '/"varlogmessages"/a "varlogcommands.log"' $FILE3
else
   echo "File $FILE3 does not exists"
   exit 0
fi

if [ -f $FILE2 ]; then
   service rsyslog restart
else
   echo "File $FILE2 does not exists. Install? [y/N]"
        read -p "Install rsyslog? [y/N] " -n 1 -r
        echo
        if [[ $REPLY =~ ^[Yy]$ ]]
        then
           apt-get install rsyslog -y
        else
           exit 0
        fi
fi

3) Dupa salvarea fisierului se va executa chmod +x ssh_log.sh (oferim drepturi de executare)

4) Executam scriptul prin comanda ./ssh_log.sh

Tip solutie

Permanent

Voteaza

(242 din 443 persoane apreciaza acest articol)

Despre Autor

Leave A Comment?