collectroothistory.sh
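#!/bin/bash
## Collect Root Commands History
#
# Reads root's bash history, replaces the "#<epoch>" timestamp lines (written
# when HISTTIMEFORMAT is set) with readable dates, stores the result in a
# per-day log file and mails that log to MAILLIST.
#
# NOTE(review): ~/.bash_history is written by the very shell being audited and
# can be edited or switched off by that user, so this log is a convenience
# record rather than tamper-evident audit evidence.
# NOTE(review): history lines may contain secrets typed on a command line
# (passwords, tokens). The log is mailed unmodified, so the recipients and the
# mail transport see them too.

set -u
# Every file created below holds root's command history: keep it owner-only
# from the moment it is created, not only after the final chmod.
umask 077

# Mailing List (whitespace-separated addresses)
MAILLIST="YOUREMAIL@DOMAIN"
# Log path
# NOTE(review): used as a plain prefix, so the log is written as
# /rootcommands<host>-root-hist.log.<date> directly under "/", not inside a
# /rootcommands directory. Kept as-is; confirm this is intended.
AUDLOG="/rootcommands"
# History file to collect.
ROOT_HISTORY="/root/.bash_history"

#######################################
# Convert a bash history stream into one line per command.
# A line that is exactly "#<digits>" is treated as a timestamp and is joined
# with the command line that follows it. All other lines are passed through
# untouched, so history text is only ever handled as data (never spliced into
# a sed program) and '#' or digits inside commands are preserved.
# Arguments: none
# Inputs:    history text on stdin
# Outputs:   "<date> <command>" lines on stdout
# Returns:   0
#######################################
render_history() {
  local line stamp pending=""
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" =~ ^#([0-9]+)$ ]]; then
      # Two timestamps in a row: emit the first one alone rather than lose it.
      if [[ -n "$pending" ]]; then
        printf '%s\n' "$pending"
      fi
      stamp=${BASH_REMATCH[1]}
      # Fall back to the raw epoch value if date cannot convert it.
      pending=$(date -d "@${stamp}") || pending=$stamp
    elif [[ -n "$pending" ]]; then
      printf '%s %s\n' "$pending" "$line"
      pending=""
    else
      printf '%s\n' "$line"
    fi
  done
  if [[ -n "$pending" ]]; then
    printf '%s\n' "$pending"
  fi
  return 0
}

# Unpredictable, owner-only scratch file instead of a fixed name in /tmp:
# a fixed name can be pre-created or symlinked by another local user and
# would expose root's history to anyone able to read /tmp.
workfile=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$workfile"' EXIT

# Stop here if the history cannot be read, so stale data is never mailed.
if ! render_history < "$ROOT_HISTORY" > "$workfile"; then
  echo "cannot read $ROOT_HISTORY" >&2
  exit 1
fi

# Compute the log name once so a run that crosses midnight still touches a
# single file.
logfile="${AUDLOG}${HOSTNAME}-root-hist.log.$(date +%h%d%y)"

# NOTE(review): DATE is not assigned anywhere in this script. Unless it is
# supplied through the environment the pattern is empty and matches every
# line, so the complete history (not only today's commands) is logged and
# mailed.
rc=0
/bin/grep -e "${DATE:-}" -- "$workfile" > "$logfile" || rc=$?
# grep exits 1 when nothing matched; only a status above 1 is a real error.
if (( rc > 1 )); then
  echo "failed to write $logfile" >&2
  exit 1
fi
/bin/chmod 0440 -- "$logfile"

# Mail notification
# Split the recipient list on whitespace without glob expansion.
read -r -a recipients <<< "$MAILLIST"
if (( ${#recipients[@]} == 0 )); then
  echo "MAILLIST is empty, not sending mail" >&2
  exit 1
fi
mail -s "HOST: $HOSTNAME - $(whoami) Daily root Commands Log" "${recipients[@]}" < "$logfile"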