如何记录从 shell 脚本执行的每条命令
[英]How to log every single command executed from shell script
问题描述
I am trying to find a way to record every single command that is executed by any user on the system.
我试图找到一种方法来记录系统上任何用户执行的每条命令。 Things that I have came across earlier.我之前遇到的事情。
- It is possible to view shell commands executed from the terminal using ~/.bashrc_history file.可以使用 ~/.bashrc_history 文件查看从终端执行的 shell 命令。
There is a catch here, It logs only those commands which were executed interactively from bash shell/terminal.这里有一个问题,它只记录那些从 bash shell/终端交互执行的命令。
This solves one of my problems.这解决了我的一个问题。 But in addition to it, I would like to log those commands also which were executed as a part of the shell script.但除此之外,我还想记录那些作为 shell 脚本的一部分执行的命令。
Note: I don't have control over shell script.注意:我无法控制 shell 脚本。 Therefore, adding verbose mode like因此,添加详细模式,如
#!/bin/bash -xe However, this can be assumed that I have root access as a system administrator.但是,这可以假定我作为系统管理员具有 root 访问权限。
Eg: I have another user that has access to the system.例如:我有另一个用户可以访问系统。 And he runs the following shell script using from his account.他使用他的帐户运行以下 shell 脚本。
#./bin/sh nmap google.com
and run as "$ sh script.sh"并以“$ sh script.sh”运行
Now, What I want is "nmap google.com" command should be logged somewhere once this file is executed.现在,我想要的是“nmap google.com”命令应该在执行此文件后记录在某处。
Thanks in advance.提前致谢。 Even a small help is appreciated.即使是很小的帮助也会受到赞赏。
Edit: I would like to clarify that users are unaware that they are being monitored.编辑:我想澄清一下,用户并不知道他们正在被监视。 So I need a solution something at system level(may be agent running with root).所以我需要一个系统级别的解决方案(可能是用 root 运行的代理)。 I cannot depend on user to log suspicious activity.我不能依赖用户记录可疑活动。 Of-course everyone will avoid such tricks to put blame on someone else if they do something fishy or wrong当然,如果他们做了可疑或错误的事情,每个人都会避免这种把责任推给别人的伎俩
2 个解决方案
解决方案1
0 2020-08-31 13:37:56
You can run the script in this way:您可以通过以下方式运行脚本:
- execute bash (it will override the shebang)执行 bash(它将覆盖 shebang)
- ts to prefix every lines ts 为每一行添加前缀
- logs both in terminal and files在终端和文件中记录
bash -x script.sh |& ts |
You may ask the other user to create an alias.您可以要求其他用户创建一个别名。
Edit: You may also add this into /etc/profile (sourced when users login)编辑:您也可以将其添加到 /etc/profile (用户登录时获取)
exec > >(tee -a /tmp/$(date +%F).log)
Do it also for error output if needed.如果需要,也可以针对错误 output 执行此操作。 Keep it splited.保持分裂。
解决方案2
0 已采纳 2020-09-01 04:39:24
I am aware that you were asking for Bash and Shell scripting and tagged your question accordingly, but in respect to your requirements我知道您要求编写 Bash 和 Shell 脚本并相应地标记了您的问题,但要考虑到您的要求
- Record every single command that is executed by any user on the system记录系统上任何用户执行的每条命令
- Users are unaware that they are being monitored用户不知道他们正在被监视
- A solution something at system level系统级的解决方案
I am under the assumption that you are looking for Audit Logging .我假设您正在寻找Audit Logging 。
So you may take advantage from articles like所以你可以利用像这样的文章
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.