需要捕获在Linux上触发的命令
[英]Need to capture the commands fired on Linux
问题描述
I would like to capture all the commands fired by a user in a session. 
我想捕获用户在会话中触发的所有命令。 This is needed for the purpose of auditing. 出于审计目的,这是必需的。
I used some thing like below, 我用了下面的东西
LoggedIn=`date +"%B-%d-%Y-%M:%H"`
HostName=`hostname`
UNIX_USER=`who am i | cut -d " " -f 1`
echo " Please enter a Change Request Number for which you are looging in : "
read CR_NUMBER
FileName=$HostName-$LoggedIn-$CR_NUMBER-$UNIX_USER
script $FileName
I have put this snippet in .profile file, so that as soon as the user logs in to a SU account this creates the file. 我已将此代码段放在.profile文件中,以便用户一旦登录到SU帐户,便会创建该文件。 The plan is to push this file to a central repository where an auditor can look into those files. 计划是将该文件推送到中央存储库,审核员可以在其中查看这些文件。
But there are couple of problems in this. 但是,这有几个问题。
The "script" command spools all the data from the session, for example say, a user cats a property file, It appends all the data of the property file to the auditing file.
“脚本”命令将会话中的所有数据假脱机,例如,用户为一个属性文件创建目录,它将属性文件的所有数据附加到审核文件中。 Unless user fires the 'exit' command, the data will not be spooled to auditing file, by any chance if user logs out with out firing exit command, the auditing file will be empty.
除非用户触发'exit'命令,否则数据将不会被假脱机到审核文件中,如果用户使用out fireing exit命令注销,则审核文件将为空。
Is there any better solution for auditing ? 有没有更好的审计解决方案? History file is not an option since it does not tell me for which Change Request number ( internal to my organisation) the commands are fired. 历史记录文件不是一个选项,因为它不会告诉我命令是针对哪个更改请求号(在组织内部)执行的。 Is there any other way just capture only the commands fired but not the output ? 是否有其他方法仅捕获仅触发的命令而不捕获输出?
Some of the previous discussion are here and here 一些先前的讨论在这里和这里
1 个解决方案
解决方案1
0 2014-08-28 10:57:01
I think this software exactly matches your need: 我认为该软件完全符合您的需求:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.