Configuring bash command logging

Add the following to the end of /etc/profile and save.

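```bash
# command logging by pjw 20200916
# [example] grep 'Command' /var/log/messages
function history_to_syslog {
    declare command
    # Login session details: user, tty, login time, remote address
    remoteaddr="`who am i`"
    pwd="`pwd`"
    # Most recent history entry
    command=$(fc -ln -0)
    # The DEBUG trap fires before every command; log only when the entry changed
    if [ "$command" != "$old_command" ]; then
        # '?' is quoted so the shell does not expand it as a glob pattern
        logger -p local2.notice -t bash -i '?' "$USER : $remoteaddr" "Command : $command Directory : $pwd"
    fi
    old_command=$command
}
trap history_to_syslog DEBUG
```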

Apply

```bash
source /etc/profile
```

Result

```bash
grep 'Command' /var/log/messages
Sep 16 12:02:06 crinity-web-01-dmz bash[27484]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 vi /etc/profile Directory : /root
Sep 16 12:05:11 crinity-web-01-dmz bash[27795]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 source /etc/profile Directory : /root
Sep 16 12:23:19 crinity-web-01-dmz bash[28386]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 exit Directory : /root
Sep 16 12:23:30 crinity-web-01-dmz bash[28401]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 grep 'Command' /var/log/messages Directory : /root
Sep 16 12:23:31 crinity-web-01-dmz bash[28411]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 cd /usr/ Directory : /usr
Sep 16 12:23:32 crinity-web-01-dmz bash[28420]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 cd sbin/ Directory : /usr/sbin
Sep 16 12:23:35 crinity-web-01-dmz bash[28442]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 ls Directory : /usr/sbin
Sep 16 12:23:37 crinity-web-01-dmz bash[28451]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 cd .. Directory : /usr
Sep 16 12:23:47 crinity-web-01-dmz bash[28470]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 cd etc Directory : /etc
Sep 16 12:23:47 crinity-web-01-dmz bash[28479]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 cd letsencrypt/ Directory : /etc/letsencrypt
Sep 16 12:23:48 crinity-web-01-dmz bash[28490]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 ls Directory : /etc/letsencrypt
Sep 16 12:23:48 crinity-web-01-dmz bash[28499]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 cd live/ Directory : /etc/letsencrypt/live
Sep 16 12:23:50 crinity-web-01-dmz bash[28510]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 ll Directory : /etc/letsencrypt/live
Sep 16 12:23:50 crinity-web-01-dmz bash[28519]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 cd cr-cert-govkorea/ Directory : /etc/letsencrypt/live/cr-cert-govkorea
Sep 16 12:23:55 crinity-web-01-dmz bash[28547]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 ll Directory : /etc/letsencrypt/live/cr-cert-govkorea
Sep 16 12:23:56 crinity-web-01-dmz bash[28557]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 cat README Directory : /etc/letsencrypt/live/cr-cert-govkorea
Sep 16 12:23:59 crinity-web-01-dmz bash[28595]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 :q Directory : /etc/letsencrypt/live/cr-cert-govkorea
Sep 16 12:24:02 crinity-web-01-dmz bash[28881]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 exit Directory : /root
Sep 16 12:24:10 crinity-web-01-dmz bash[28919]: ? root : cr-user pts/0 2020-09-16 12:01 (49.254.28.130) Command : #011 #015 Directory : /root
```
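The logged lines have a fixed layout, so they can be parsed for review. The following is an added example, not part of the original page: a shell parser that turns those lines into tab-separated fields and lists commands where `$USER` differs from the login account reported by `who am i`. The function names are hypothetical, and the sample host, accounts and addresses are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): turn history_to_syslog lines
# into TSV: time, host, user, login, tty, source, directory, command.
# The syslog output shown on the page writes control characters as #NNN
# (#011 is a tab), so a raw tab is a safe output separator.

# Constructed sample input: host, accounts and addresses are made up.
sample_log() {
    cat <<'EOF'
Sep 16 12:23:31 web01 bash[28411]: ? root : alice pts/0 2020-09-16 12:01 (192.0.2.10) Command : #011 cd /usr/ Directory : /usr
Sep 16 12:23:40 web01 bash[28412]: ? alice : alice pts/1 2020-09-16 12:02 (192.0.2.10) Command : #011 grep -r "x Directory : y" . Directory : /home/alice
Sep  6 09:00:01 web01 bash[311]: ? root : root tty1 2020-09-06 08:59 Command : #011 ls Directory : /root
Sep 16 12:24:00 web01 sshd[900]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
EOF
}

# Body runs in a subshell so the helper variables stay local.
parse_bash_audit() (
    tab=$(printf '\t')
    # Everything before "Command : " is matched field by field, so text typed
    # inside a command cannot be read as the login or source field.
    re_head='^([A-Z][a-z]{2} +[0-9]+ [0-9:]{8}) ([^ ]+) bash\[[0-9]+\]: \? '
    # "(source)" is optional (assumption: local logins may show no remote host).
    re_who='([^ ]+) : ([^ ]+) +([^ ]+) +[0-9-]+ +[0-9:]+( +\(([^)]*)\))? '
    # Greedy match: the split happens at the LAST " Directory : " on the line.
    re_body='Command : (.*) Directory : (.*)$'
    # The second sed drops the "#011 " that fc -ln puts in front of each entry.
    sed -n -E "s/${re_head}${re_who}${re_body}/\1${tab}\2${tab}\3${tab}\4${tab}\5${tab}\7${tab}\9${tab}\8/p" |
        sed -E "s/${tab}#011 *([^${tab}]*)\$/${tab}\1/"
)

# Rows where $USER differs from the login name reported by `who am i`,
# for example root commands typed after switching from another account.
switched_account_rows() {
    parse_bash_audit |
        awk -F '\t' '$3 != $4 { print $4 " -> " $3 "\t" $6 "\t" $8 }'
}

sample_log | switched_account_rows
```

On a live host, feed it the real log instead of the sample: `parse_bash_audit < /var/log/messages`.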