Thursday, July 7, 2016

How to log/save all commands in CentOS

How to log/save all commands in CentOS

One of the easy ways to log/save/record all issued commands by users is setup logger.

I use rsyslog.

1. Add at the end of /etc/bashrc

export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

if you want to log also IP use this (I know it is not perfect if there are few the same users connected from different IPs)


export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(w -i -h| grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" ) : $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"'

Output will be like this:

date time server-name user-name: IP address : command
Jul  7 13:36:45 server1 root: 192.168.0.5 : 07/07/16 13:36:38 ls -la [0]


2.  Create new config file at:

/etc/rsyslog.d/bash.conf

and put inside:
local6.*    /var/log/logger.log

3. Restart syslog
systemctl restart rsyslog.service

4. edit /etc/logrotate.d/syslog

and add just under
/var/log/secure
/var/log/spooler


/var/log/logger.log

that`s all!

No comments:

Post a Comment

Cybermap

Internet Storm Center Infocon Status

Internet Storm Center Infocon Status
Internet Storm Center Infocon Status