linux日志审计

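#!/bin/bash
#
# Build a per-command audit trail for interactive bash sessions:
#   1. tighten bash history settings for root (/root/.bashrc),
#   2. create the shared log /var/log/.sudo.log that every login shell
#      appends to through PROMPT_COMMAND (the snippet is printed at the
#      end and has to be added to /etc/bashrc by hand, as originally
#      intended),
#   3. register a logrotate stanza for that log.
#
# Must run as root. Re-running is safe: each step is skipped when its
# marker is already present in the target file.
#
# Caveat: a user can unset PROMPT_COMMAND, start a non-bash shell or edit
# their own history, so this is a convenience trail rather than
# tamper-proof evidence; pair it with auditd or sudo's own log when
# accountability matters.
set -euo pipefail

readonly LOG_FILE=/var/log/.sudo.log
readonly LOG_OWNER=trunkey
readonly LOG_GROUP=root
readonly ROTATE_CONF=/etc/logrotate.d/sudo

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "this script must be run as root"

# --- bash history settings for root ----------------------------------
# Appended only once; the original unconditional >> duplicated the block
# on every run.  -s keeps grep quiet when /root/.bashrc does not exist yet.
if ! grep -qsF -- 'HISTTIMEFORMAT' /root/.bashrc; then
  cat >>/root/.bashrc <<'EOF'
HISTFILESIZE=2000
HISTSIZE=2000
HISTCONTROL=ignoredups
HISTTIMEFORMAT=" %F %T : "
export HISTTIMEFORMAT
EOF
fi

# --- shared log file -------------------------------------------------
# Mode 0220: owner and group may append, nobody can read the file back
# through the shell.  Write permission still allows truncation; `chattr +a`
# would stop that but likely also blocks logrotate's rename step -- verify
# before enabling it.
# NOTE(review): with owner trunkey and group root only those identities
# can append; the interactive users this is meant to capture are
# presumably members of group root -- confirm, otherwise their
# PROMPT_COMMAND redirection fails with "Permission denied" at each prompt.
touch "$LOG_FILE"
chown "${LOG_OWNER}:${LOG_GROUP}" "$LOG_FILE"   # colon form; "user.group" is obsolete
chmod 0220 "$LOG_FILE"

# --- snippet for /etc/bashrc -----------------------------------------
# Printed rather than installed: add it to /etc/bashrc by hand.
# The log line is assembled with printf so that the command text is passed
# as an argument and never lands in date's format string (a logged command
# containing '%' would otherwise be re-interpreted by date).  `read -r`
# keeps backslashes in the logged command intact.
cat <<'EOF'

# add the following to /etc/bashrc:
export HISTORY_FILE=/var/log/.sudo.log
export PROMPT_COMMAND='{ printf "%s ##### %s #### %s #### %s\n" "$(date "+%Y-%m-%d %T")" "$(who am i | awk "{print \$1\" \"\$2\" \"\$5}")" "$(id | awk "{print \$1}")" "$(history 1 | { read -r _ cmd; printf "%s" "$cmd"; })"; } >>"$HISTORY_FILE"'
EOF

# --- logrotate -------------------------------------------------------
# `create` without mode/owner/group re-creates the log with the attributes
# of the file just rotated, so the 0220 trunkey:root settings survive.
# Guarded so a re-run does not add a second stanza for the same path,
# which logrotate reports as a duplicate log entry.
if ! grep -qsF -- "$LOG_FILE" "$ROTATE_CONF"; then
  cat >>"$ROTATE_CONF" <<EOF
$LOG_FILE {
monthly
rotate 12
create
dateext
}
EOF
fi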
