Linux - Sudo - Sudoers - Record tty commands run by a ldap user after sudo to a service account and store them to a file

Example:

[user@test1] / # sudo su - oracle
[oracle@test1] /home/oracle # hostname
test1
[oracle@test1] /home/oracle # pwd
/home/oracle

How can sudo be made to store these commands (hostname, pwd, etc.) in a file after a user switches to a service account (oracle, etc.) with sudo and runs commands as that service account on a server?


Solution

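First, create a log directory, make it writable by all users so that each account can create its own history file, and set the sticky bit on it so that users cannot remove each other's files.

sudo mkdir -p /var/log/users_historylogs/
sudo chmod 1777 /var/log/users_historylogs/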

Next, create a new script file under /etc/profile.d/ directory.

sudo vi /etc/profile.d/history_log.sh

And add the below content at the bottom, save, and exit.

/etc/profile.d/history_log.sh
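# Log shell history for non-root users to a per-user, per-day file.
_who_am_i=$(whoami)
_ID=$(id -u)

# Numeric comparison; a bare ">" inside [ ] would be a redirection to a file named 0.
if [ "$_ID" -gt 0 ]
then
    export HISTSIZE=10000
    export HISTTIMEFORMAT='%F %T '
    export HISTFILE=/var/log/users_historylogs/history-users-${_who_am_i}-$(date +%F)
    # Append each command to HISTFILE as soon as the prompt returns.
    export PROMPT_COMMAND='history -a'
fi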

Set the permissions so that every user can read the script, then load it into the current shell.

sudo chmod 644 /etc/profile.d/history_log.sh
source /etc/profile.d/history_log.sh

Now the history of all commands executed by users is saved to the log file…
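
Because HISTTIMEFORMAT is set, bash writes each entry to the history file as a "#<epoch>" line followed by the command. The following is an added example, not part of the original page, that renders such a file as one audit line per command; the function names and the sample file are constructed for illustration, and GNU date is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): render a HISTFILE written with
# HISTTIMEFORMAT set as audit lines. bash stores each entry as a "#<epoch>"
# line followed by the command text. Function names are hypothetical.

render_history_log() (
    # $1: path to a history-users-<user>-<date> file, as named by history_log.sh
    file=$1
    user=${file##*/}
    user=${user#history-users-}
    user=${user%-????-??-??}             # strip the trailing -YYYY-MM-DD
    ts=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '') continue ;;
            '#'*[!0-9]*) ;;              # typed comment, not a timestamp marker
            '#'?*) ts=${line#?}; continue ;;
        esac
        if [ -n "$ts" ]; then
            stamp=$(date -u -d "@$ts" '+%F %T UTC')   # assumes GNU date
        else
            stamp="unknown"              # entry written before timestamps were on
        fi
        # Continuation lines of a multi-line command reuse the last timestamp.
        printf '%s %s %s\n' "$stamp" "$user" "$line"
    done < "$file"
)

# Constructed sample: two entries as bash would append them for user oracle.
make_sample_log() (
    dir=$(mktemp -d)
    printf '%s\n' '#1689629100' 'hostname' '#1689629105' 'pwd' \
        > "$dir/history-users-oracle-2023-07-17"
    printf '%s\n' "$dir/history-users-oracle-2023-07-17"
)

render_history_log "$(make_sample_log)"
```

The user column comes from the file name, so after "sudo su - oracle" it shows the service account (oracle), since that is the name whoami returns in that shell.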

linux/sudo/sudoers/record_tty_commands_run_by_a_ldap_user_after_sudo_to_a_service_account_and_store_them_to_a_file.txt · Last modified: 2023/07/17 21:26 by peter
