adminbd

Notes on MSSQL, Oracle, Windows and Linux


Logging bash history to /var/log

/etc/audit/auditd.conf
aureport -h -i | uniq | grep root

Who connected

auditctl -a exit,always -F arch=b64 -F euid=0 -S execve -k root-commands
auditctl -a exit,always -F arch=b32 -F euid=0 -S execve -k root-commands

auditctl -a exit,always -S all -F euid=0 -F perm=awx -k root-commands

ausearch -k root-commands

Saves ~/.bash_history to /var/log/historyROOT.log

gedit ~/.bashrc & 
export HISTTIMEFORMAT="%h %d %H:%M:%S "

PROMPT_COMMAND='history -a >(tee -a ~/.bash_history | logger -p local6.info -t "$USER[$$] $SSH_CONNECTION")'

export HISTCONTROL=ignoredups

shopt -s histappend

HISTSIZE=500

HISTFILESIZE=9999999999999

Add the following line in gedit /etc/syslog.conf &

local6.info /var/log/historyROOT.log
touch /var/log/historyROOT.log && /etc/init.d/syslog restart

Restart bash

source ~/.bashrc
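
Added example (not part of the original post): a parser that turns the lines the PROMPT_COMMAND/logger setup above writes to /var/log/historyROOT.log into tab-separated records of epoch, user, PID, SSH client address and command. The function names parse_history_log and sample_log, the sample lines and the traditional syslog line layout are assumptions made for this example.

```shell
#!/bin/sh
# Assumed line layout (traditional syslog file format):
#   Mon DD HH:MM:SS host user[pid] [client_ip client_port server_ip server_port]: text
# With HISTTIMEFORMAT set, bash writes "#<epoch>" ahead of each command, so the
# timestamp and the command arrive as two consecutive messages from one shell.
parse_history_log() {
    awk '
    {
        tag = $5
        if (tag ~ /:$/)     { src = "local"; skip = 5 }  # colon glued to the tag
        else if ($6 == ":") { src = "local"; skip = 6 }  # empty $SSH_CONNECTION
        else                { src = $6;      skip = 9 }  # four SSH_CONNECTION fields
        sub(/:$/, "", tag)
        b = index(tag, "[")
        if (b == 0) next                                 # not a line from this setup
        user = substr(tag, 1, b - 1)
        pid = substr(tag, b + 1); sub(/\].*$/, "", pid)
        # Strip the header fields but keep the spacing inside the command.
        msg = $0
        for (i = 1; i <= skip; i++) sub(/^ *[^ ]+/, "", msg)
        sub(/^ /, "", msg)
        if (msg ~ /^#[0-9]+$/) { ts[tag] = substr(msg, 2); next }
        t = (tag in ts) ? ts[tag] : "-"                  # "-" when no timestamp line came first
        printf "%s\t%s\t%s\t%s\t%s\n", t, user, pid, src, msg
        delete ts[tag]
    }' "$@"
}

# Constructed sample lines (host name, PIDs and addresses are made up).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:02 srv1 root[4211] 192.0.2.10 51234 192.0.2.1 22: #1709460901
Mar  3 10:15:02 srv1 root[4211] 192.0.2.10 51234 192.0.2.1 22: tail -n 20  /var/log/secure
Mar  3 10:16:40 srv1 root[4390] : #1709461000
Mar  3 10:16:40 srv1 root[4390] : ausearch -k root-commands
Mar  3 10:17:05 srv1 root[4211] 192.0.2.10 51234 192.0.2.1 22: passwd oracle
EOF
}

sample_log | parse_history_log
```

On a real host, run it as parse_history_log /var/log/historyROOT.log and compare the result with ausearch -k root-commands, since the shell-side log only contains what the shell chose to record.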
