Save bash history in syslog on CentOS
Bash has a feature to write to syslog, which is useful when a server is accessed by more than one person.
You need bash version 4.1+; in my case, CentOS 6.4 and CentOS 7 already have it.
Open the file /etc/bashrc
and paste at the end:
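# Append each command to the history file before every prompt
PROMPT_COMMAND='history -a'
typeset -r PROMPT_COMMAND
# Send the command about to run, with user and working directory, to syslog
function log2syslog
{
    declare command
    command=$BASH_COMMAND
    logger -p local1.notice -t bash -i -- "$USER : $PWD : $command"
}
# The DEBUG trap fires before every simple command
trap log2syslog DEBUG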
The next time you log in, your commands appear in syslog:
$ sudo tail -10 /var/log/messages
Sep 21 20:35:57 my-server bash[28245]: pavel : /home/pavel : PATH=$PATH:$HOME/bin
Sep 21 20:35:57 my-server bash[28246]: pavel : /home/pavel : export PATH
Sep 21 20:36:15 my-server bash[28247]: pavel : /home/pavel : sudo tail -50 /var/log/messages
Sep 21 22:42:01 my-server bash[28273]: pavel : /home/pavel : sudo tail -50 /var/log/messages
Sep 21 22:51:35 my-server bash[28276]: pavel : /home/pavel : sudo nano /etc/bashrc
Sep 21 22:51:48 my-server bash[28304]: pavel : /home/pavel : PATH=$PATH:$HOME/bin
Sep 21 22:51:48 my-server bash[28305]: pavel : /home/pavel : export PATH
Sep 21 22:51:58 my-server bash[28306]: pavel : /home/pavel : sudo tail -f /var/log/messages
Sep 21 22:54:46 my-server bash[28309]: pavel : /home/pavel : sudo nano /etc/bashrc
Sep 21 22:56:04 my-server bash[28312]: pavel : /home/pavel : sudo tail -10 /var/log/messages
That can play nicely with log aggregation services. It can't be used for security audit purposes, though, because it's easy to avoid this logging.
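For feeding these entries to a log aggregation pipeline, the following added example (not part of the original tip) splits each line into time, host, PID, user, working directory and command, and lists commands that name /etc/bashrc, the file holding the hook. The function names and the last two sample lines are constructed for illustration, and it assumes the working directory itself contains no " : ".

```shell
#!/bin/sh
# Added example: parse entries written by the log2syslog trap, whose format is
#   <Mon> <day> <time> <host> bash[<pid>]: <user> : <pwd> : <command>

# Sample input: the first two lines come from the output above,
# the last two are constructed for this example.
sample_log() {
    cat <<'EOF'
Sep 21 20:35:57 my-server bash[28245]: pavel : /home/pavel : PATH=$PATH:$HOME/bin
Sep 21 22:51:35 my-server bash[28276]: pavel : /home/pavel : sudo nano /etc/bashrc
Sep 21 22:52:10 my-server bash[28310]: alice : /tmp : echo a : b
Sep 21 22:52:11 my-server sshd[1200]: Accepted publickey for alice
EOF
}

# Emit tab-separated: time, host, pid, user, pwd, command.
# Lines not tagged bash[pid]: are skipped. The pid is that of the
# logger process (logger -i), not of the interactive shell.
parse_bash_syslog() {
    awk '
    $5 ~ /^bash\[[0-9]+\]:$/ {
        pid = $5
        gsub(/[^0-9]/, "", pid)
        # The message is everything after the "bash[pid]: " tag.
        msg = substr($0, index($0, $5) + length($5) + 1)
        # Split on the first two " : " only; the command may contain " : ".
        i = index(msg, " : ")
        if (i == 0) next
        user = substr(msg, 1, i - 1)
        rest = substr(msg, i + 3)
        j = index(rest, " : ")
        if (j == 0) next
        pwd = substr(rest, 1, j - 1)
        cmd = substr(rest, j + 3)
        printf "%s %s %s\t%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $4, pid, user, pwd, cmd
    }'
}

# List time, user and command for entries that name the file holding the hook.
hook_file_touches() {
    parse_bash_syslog |
        awk -F '\t' -v f="${1:-/etc/bashrc}" 'index($6, f) { print $1 "\t" $4 "\t" $6 }'
}

sample_log | hook_file_touches
```

On a live host, replace `sample_log` with `sudo cat /var/log/messages`.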
Written by Pavel