# Keep up to 4000 commands in memory (HISTSIZE) and in the history file
# (HISTFILESIZE), and prefix each entry shown by `history` with date and time.
HISTSIZE=4000
HISTFILESIZE=4000
export HISTTIMEFORMAT='%F %T'
[root@server ~]# history
247 2013-10-05 17:16:28 vi /etc/bashrc
248 2013-10-05 17:16:28 top
249 2013-10-05 17:04:18 vmstat
250 2013-10-05 17:04:24 ps -ef
251 2013-10-05 17:16:29 ls -al
252 2013-10-05 17:16:32 lsattr
253 2013-10-05 17:17:16 vi /etc/profile
254 2013-10-05 17:19:32 date +"%F %T"
255 2013-10-05 17:21:06 lsof
256 2013-10-05 17:21:21 history
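#history
# Per-login shell history: each session writes to
#   /usr/share/.history/<LOGNAME>/<source>.history.<YYYYmmdd_HHMMSS>
# NOTE(review): the files are owned by the user whose commands they record,
# and HISTFILE can be changed or unset inside the session, so this is a
# convenience record rather than a tamper-resistant audit trail. If auditing
# is the goal, pair it with auditd or remote logging.

# Source of the login session: last field of `who -u am i`, with the
# surrounding parentheses stripped.
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
HISTDIR=/usr/share/.history

# No source reported by who: fall back to the local host name.
if [ -z "$USER_IP" ]
then
    USER_IP=$(hostname)
fi

# Shared parent directory. Every user has to be able to create a subdirectory
# here, so it stays world-writable, but with the sticky bit (1777, not 777)
# so that users cannot rename or delete directories owned by someone else.
if [ ! -d "$HISTDIR" ]
then
    mkdir -p "$HISTDIR"
    chmod 1777 "$HISTDIR"
fi

# Per-user directory. Mode 300 lets the owner create and open files by name
# but not list the directory.
# NOTE(review): a directory that already exists is used as-is, whoever owns
# it; having root pre-create one directory per account avoids relying on
# first-login creation.
if [ ! -d "$HISTDIR/${LOGNAME}" ]
then
    mkdir -p "$HISTDIR/${LOGNAME}"
    chmod 300 "$HISTDIR/${LOGNAME}"
fi

export HISTSIZE=4000
DT=$(date +%Y%m%d_%H%M%S)
export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.history.$DT"
export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S]"

# Best effort: tighten earlier history files to owner read/write only.
# With the directory at mode 300 a non-root shell cannot expand this glob, so
# the call is then a no-op whose error is deliberately discarded.
chmod 600 "$HISTDIR/${LOGNAME}"/*.history* 2>/dev/null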
[root@server user01]# pwd
/usr/share/.history/user01
[root@server user01]# ls -al
-rw------- 1 user01 wheel 56 Jul 6 17:07 192.168.12.12.history.20130706_164512
-rw------- 1 user01 wheel 43 Jul 6 17:42 192.168.12.12.history.20130706_172800
-rw------- 1 user01 wheel 22 Jul 7 12:05 192.168.12.19.history.20130707_111123
-rw------- 1 user01 wheel 22 Jul 8 13:41 192.168.12.20.history.20130708_120053
-rw------- 1 user01 wheel 22 Jul 1 15:28 192.168.12.186.history.20130701_150941
-rw------- 1 user01 wheel 22 Jul 2 19:47 192.168.12.163.history.20130702_193645
-rw------- 1 user01 wheel 22 Jul 3 12:38 192.168.12.19.history.20130703_120948
-rw------- 1 user01 wheel 22 Jul 3 19:14 192.168.12.134.history.20130703_183150
[user01@unknown ~]$ more /etc/shadow
/etc/shadow: Permission denied
# Lets user01 run exactly `/bin/more /etc/shadow` as root (password prompt kept).
# NOTE(review): more is an interactive pager and can start other programs with
# the privileges sudo granted; consider the NOEXEC: tag or a non-interactive
# reader such as /bin/cat for a read-only grant like this one.
user01 ALL = /bin/more /etc/shadow
这样，user01 用户就可以通过如下方式访问 /etc/shadow 文件：
[user01@unknown ~]$ sudo more /etc/shadow
[sudo] password for user01:
# Lets CENTREON (a user or alias defined elsewhere) run this one command, with
# this one argument, without a password prompt.
# NOTE(review): the rule is only as tight as the script it names; confirm that
# /etc/init.d/nagios and its parent directories are writable by root only.
CENTREON ALL = NOPASSWD: /etc/init.d/nagios restart
# Grants user02 every command, as any user, on any host, with no password
# prompt: the account is root-equivalent.
# NOTE(review): prefer an explicit command list, and keep the password prompt
# unless there is a specific need to drop it.
user02 ALL=(ALL) NOPASSWD: ALL
[user02@unknown ~]$ sudo su -
[root@unknown ~]# pwd
/root
# NOTE(review): presumably the sshd_config Banner directive. The named file is
# sent to clients before authentication, so keep OS, version and host details
# out of /etc/issue.net. Confirm which config file this line belongs to.
Banner /etc/issue.net