Compiling bash to log history to syslog
1. Download the bash source package
    [root@repo other_x86_64]# wget http://vault.centos.org/6.9/os/Source/SPackages/bash-4.1.2-48.el6.src.rpm
2. Install the source package
    [root@repo other_x86_64]# rpm -ivh bash-4.1.2-48.el6.src.rpm    # the warnings can be ignored
       1:bash                   warning: user mockbuild does not exist - using root
    warning: group mockbuild does not exist - using root
    [... the same pair of warnings repeats many times ...]
    ########################################### [100%]
    warning: user mockbuild does not exist - using root
    warning: group mockbuild does not exist - using root
    [... the same pair of warnings repeats many times ...]
    [root@repo ~]# ll
    total 7208056
    -rw-------. 1 root root    1891 Jul  7  2016 anaconda-ks.cfg
    -rw-r--r--  1 root root 6686039 Jul 11  2016 bash-4.1.2-40.el6.src.rpm
    -rw-r--r--. 1 root root   41443 Jul  7  2016 install.log
    -rw-r--r--. 1 root root    7572 Jul  7  2016 install.log.syslog
    drwxr-xr-x  8 root root    4096 Jul 11  2016 rpmbuild
    [root@repo ~]# cd rpmbuild/
    [root@repo rpmbuild]# ll
    total 24
    drwxr-xr-x 3 root root 4096 Jul 11  2016 BUILD
    drwxr-xr-x 2 root root 4096 Jul 11  2016 BUILDROOT
    drwxr-xr-x 3 root root 4096 Jul 11  2016 RPMS
    drwxr-xr-x 4 root root 4096 Jul 25 10:47 SOURCES
    drwxr-xr-x 2 root root 4096 Jul 25 10:47 SPECS
    drwxr-xr-x 2 root root 4096 Jul 11  2016 SRPMS
3. Rebuild
    [root@repo rpmbuild]# cd SOURCES/
    [root@repo SOURCES]# tar xf bash-4.1.tar.gz
    [root@repo SOURCES]# cp -a bash-4.1 bash-4.1-orig
    [root@repo SOURCES]# cd bash-4.1
    [root@repo bash-4.1]# vim config-top.h +104

    /* #define SYSLOG_HISTORY */
    #if defined (SYSLOG_HISTORY)
    #  define SYSLOG_FACILITY LOG_USER
    #  define SYSLOG_LEVEL LOG_INFO
    #endif
Change it to:
    #define SYSLOG_HISTORY
    #if defined (SYSLOG_HISTORY)
    #  define SYSLOG_FACILITY LOG_LOCAL1
    #  define SYSLOG_LEVEL LOG_DEBUG
    #endif
    [root@repo bash-4.1]# vim bashhist.c +701

    void
    bash_syslog_history (line)
         const char *line;
    {
      char trunc[SYSLOG_MAXLEN];

      if (strlen(line) < SYSLOG_MAXLEN)
        syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PID=%d UID=%d %s", getpid(), current_user.uid, line);
      else
        {
          strncpy (trunc, line, SYSLOG_MAXLEN);
          trunc[SYSLOG_MAXLEN - 1] = '\0';
          syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY (TRUNCATED): PID=%d UID=%d %s", getpid(), current_user.uid, trunc);
        }
    }
Change it to:
    void
    bash_syslog_history (line)
         const char *line;
    {
      char trunc[SYSLOG_MAXLEN];

      /* Each record now also carries the parent PID, session ID and user name. */
      if (strlen(line) < SYSLOG_MAXLEN)
        syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PPID=%d PID=%d SID=%d UID=%d User=%s %s", getppid(), getpid(), getsid(getpid()), current_user.uid, current_user.user_name, line);
      else
        {
          strncpy (trunc, line, SYSLOG_MAXLEN);
          trunc[SYSLOG_MAXLEN - 1] = '\0';
          syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY (TRUNCATED): PPID=%d PID=%d SID=%d UID=%d User=%s %s", getppid(), getpid(), getsid(getpid()), current_user.uid, current_user.user_name, trunc);
        }
    }
    #endif
    [root@repo bash-4.1]# cd ..
    [root@repo SOURCES]# diff -Npru bash-4.1-orig bash-4.1 > bash_history_syslog.patch
    [root@repo SOURCES]# ls
    bash-2.02-security.patch  bash-4.1-bind_int_variable.patch  bash-4.1-orig  bash-4.3-fix-terminate_immediately.patch
    bash-2.03-paths.patch  bash-4.1-brace-expansion.patch  bash-4.1-posix-block-size-for-cf-options.patch  bash-4.3-read-sigterm.patch
    bash-2.03-profile.patch  bash-4.1-broken_pipe.patch  bash-4.1-sighup-deadlock.patch  bash-4.4-param-expansion.patch
    bash-2.05a-interpreter.patch  bash-4.1-defer-sigchld-trap.patch  bash-4.1-signal.patch  bash-bashbug.patch
    bash-2.05b-debuginfo.patch  bash-4.1-enable-hyphened-fn-export.patch  bash-4.1-signal-sarestart.patch  bash-cve-2016-9401.patch
    bash-2.05b-manso.patch  bash-4.1-env-inject.patch  bash-4.1.tar.gz  bash_history_syslog.patch
    bash-2.05b-pgrp_sync.patch  bash-4.1-examples.patch  bash-4.1-trap.patch  bash-infotags.patch
    bash-2.05b-readline-oom.patch  bash-4.1-extglob-man.patch  bash-4.2-1207042-double-alloc.patch  bash-requires.patch
    bash-2.05b-xcc.patch  bash-4.1-fd-leaks.patch  bash-4.2-1240994-case-in-command-subst.patch  bash-setlocale.patch
    bash-3.2-audit.patch  bash-4.1-here-strings.patch  bash-4.2-1250070-ifs-in-temp-env.patch  bash-sighup.patch
    bash-3.2-ssh_source_bash.patch  bash-4.1-history-hang.patch  bash-4.2-1260568-bash-debugger.patch  bash-tty-tests.patch
    bash-4.0-nobits.patch  bash-4.1-logout.patch  bash-4.2-cve-2014-7169-0.patch  dot-bash_logout
    bash-4.1  bash-4.1-loop-bracket-comsub.patch  bash-4.2-cve-2014-7169-1.patch  dot-bash_profile
    bash41-001  bash-4.1-manpage.patch  bash-4.2-cve-2014-7169-2.patch  dot-bashrc
    bash41-002  bash-4.1-manpage_trap.patch  bash-4.2-param-subst-mem-leak.patch
    bash41-016  bash-4.1-mem-leaks.patch  bash-4.3-cve-2016-0634.patch
    bash41-017  bash-4.1-noecho.patch  bash-4.3-cve-2016-7543.patch
    [root@repo SOURCES]# cd ..
    [root@repo rpmbuild]# cd SPECS/
    [root@repo SPECS]# ls
    bash.spec
    [root@repo SPECS]# vim bash.spec

    # Other patches
    Patch101: bash-2.02-security.patch
    Patch102: bash-2.03-paths.patch
    Patch103: bash-2.03-profile.patch
    Patch104: bash-2.05a-interpreter.patch
    Patch105: bash-2.05b-debuginfo.patch
    Patch106: bash-2.05b-manso.patch
    Patch107: bash-2.05b-pgrp_sync.patch
    Patch108: bash-2.05b-readline-oom.patch
    Patch109: bash-2.05b-xcc.patch
    Patch110: bash-3.2-audit.patch
    Patch112: bash-3.2-ssh_source_bash.patch
    Patch113: bash-bashbug.patch
    Patch115: bash-infotags.patch
    Patch116: bash-requires.patch
    Patch117: bash-setlocale.patch
    Patch118: bash-tty-tests.patch
    # added line:
    Patch119: bash_history_syslog.patch
    ......
    # Other patches
    %patch101 -p1 -b .security
    %patch102 -p1 -b .paths
    %patch103 -p1 -b .profile
    %patch104 -p1 -b .interpreter
    %patch105 -p1 -b .debuginfo
    %patch106 -p1 -b .manso
    %patch107 -p1 -b .pgrp_sync
    %patch108 -p1 -b .readline_oom
    %patch109 -p1 -b .xcc
    %patch110 -p1 -b .audit
    %patch112 -p1 -b .ssh_source_bash
    %patch113 -p1 -b .bashbug
    %patch115 -p1 -b .infotags
    %patch116 -p1 -b .requires
    %patch117 -p1 -b .setlocale
    %patch118 -p1 -b .tty_tests
    # added line:
    %patch119 -p1 -b .history_syslog
    %patch123 -p1 -b .nobits
    %patch124 -p1 -b .examples
    %patch125 -p1 -b .bind_int_variable
    %patch126 -p1 -b .broken_pipe
    %patch127 -p1 -b .manpage
    %patch128 -p1 -b .defer-sigchld-trap
    [root@repo ~]# yum install texinfo    # run this in another window
    [root@repo SPECS]# rpmbuild -ba bash.spec
    + exit 0
    Processing files: bash-4.1.2-48.el6.x86_64
    Provides: config(bash) = 4.1.2-48.el6
    Requires(interp): /bin/sh
    Requires(rpmlib): rpmlib(BuiltinLuaScripts) <= 4.2.2-1 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
    Requires(post): ncurses-libs
    Requires(postun): /bin/sh
    Requires: /bin/sh libc.so.6()(64bit) libc.so.6(GLIBC_2.11)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.2.5)(64bit) libtinfo.so.5()(64bit) rtld(GNU_HASH)
    Processing files: bash-doc-4.1.2-48.el6.x86_64
    Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
    Requires: /bin/bash /bin/sh
    Processing files: bash-debuginfo-4.1.2-48.el6.x86_64
    Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/bash-4.1.2-48.el6.x86_64
    Wrote: /root/rpmbuild/SRPMS/bash-4.1.2-48.el6.src.rpm
    Wrote: /root/rpmbuild/RPMS/x86_64/bash-4.1.2-48.el6.x86_64.rpm
    Wrote: /root/rpmbuild/RPMS/x86_64/bash-doc-4.1.2-48.el6.x86_64.rpm
    Wrote: /root/rpmbuild/RPMS/x86_64/bash-debuginfo-4.1.2-48.el6.x86_64.rpm
    Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.0zbnT0
    + umask 022
    + cd /root/rpmbuild/BUILD
    + cd bash-4.1
    + rm -rf /root/rpmbuild/BUILDROOT/bash-4.1.2-48.el6.x86_64
    + exit 0
4. Reinstall bash
    [root@repo rpmbuild]# cd RPMS
    [root@repo RPMS]# ll
    total 4
    drwxr--r-- 2 root root 4096 Jul 25 13:08 x86_64
    [root@repo RPMS]# cd x86_64/
    [root@repo x86_64]# ll
    total 5128
    -rw-r--r-- 1 root root  931232 Jul 25 13:08 bash-4.1.2-48.el6.x86_64.rpm
    -rw-r--r-- 1 root root 1374956 Jul 25 13:08 bash-debuginfo-4.1.2-48.el6.x86_64.rpm
    -rw-r--r-- 1 root root 2939332 Jul 25 13:08 bash-doc-4.1.2-48.el6.x86_64.rpm
    [root@repo x86_64]# rpm -Uvh --force bash-4.1.2-48.el6.x86_64.rpm
    Preparing...                ########################################### [100%]
       1:bash                   ########################################### [100%]
5. Configure the rsyslog logging service
    [root@repo x86_64]# cat /etc/rsyslog.conf
    local1.debug    /var/log/bash_history.log
    [root@repo x86_64]# tail -f /var/log/bash_history.log
    Jul 25 13:10:28 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root cd x86_64/
    Jul 25 13:10:30 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root ll
    Jul 25 13:12:57 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root bash --version
    Jul 25 13:13:46 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root rpm -Uvh --force bash-4.1.2-48.el6.x86_64.rpm
    Jul 25 13:13:49 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root ll
    Jul 25 13:15:04 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root cp bash-4.1.2-48.el6.x86_64.rpm /var/repo/other_x86_64/
    Jul 25 13:15:17 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root cat /etc/rsyslog.conf
    Jul 25 13:15:33 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root ll /var/log/bash_history.log
    Jul 25 13:15:48 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root more /var/log/bash_history.log
    Jul 25 13:16:19 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root tail -f /var/log/bash_history.log
    Jul 25 13:16:30 repo -bash: HISTORY: PPID=5208 PID=5210 SID=5210 UID=0 User=root ll
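
An added example (not part of the original post): a small Python parser for the record format the patched bash writes to /var/log/bash_history.log, grouping commands per login session by the SID field. The function names, the two review rules and the last two sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Record layout written by the modified bash_syslog_history():
#   <syslog header> HISTORY[ (TRUNCATED)]: PPID= PID= SID= UID= User= <command>
RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<tag>[^:]+):\s"
    r"HISTORY(?P<trunc> \(TRUNCATED\))?:\s"
    r"PPID=(?P<ppid>\d+) PID=(?P<pid>\d+) SID=(?P<sid>\d+) "
    r"UID=(?P<uid>\d+) User=(?P<user>\S+) (?P<cmd>.*)$"
)

def parse_line(line):
    """Return the fields of one HISTORY record, or None for any other line."""
    m = RECORD.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["truncated"] = rec.pop("trunc") is not None
    for key in ("ppid", "pid", "sid", "uid"):
        rec[key] = int(rec[key])
    return rec

def by_session(lines):
    """Group records per (host, SID) so each login session reads as a timeline."""
    sessions = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        sessions[(rec["host"], rec["sid"])].append(rec)
    return dict(sessions)

def review_flags(rec):
    """Reasons to look twice at a record (both rules are assumptions of this example)."""
    flags = []
    if rec["truncated"]:
        flags.append("command was cut at SYSLOG_MAXLEN; full text not logged")
    if rec["uid"] == 0 and rec["user"] != "root":
        flags.append("UID 0 under an account name other than root")
    return flags

SAMPLE = [
    # first two lines are from the tail output above; the last two are constructed
    "Jul 25 13:10:28 repo -bash: HISTORY: PPID=29829 PID=29831 SID=29831 UID=0 User=root cd x86_64/",
    "Jul 25 13:16:30 repo -bash: HISTORY: PPID=5208 PID=5210 SID=5210 UID=0 User=root ll",
    "Jul 25 13:17:02 repo -bash: HISTORY (TRUNCATED): PPID=5208 PID=5210 SID=5210 UID=0 User=root echo AAAA",
    "Jul 25 13:17:05 repo sshd[612]: Accepted publickey for root",
]

if __name__ == "__main__":
    for (host, sid), recs in by_session(SAMPLE).items():
        for r in recs:
            print(host, sid, r["ts"], r["user"], repr(r["cmd"]), review_flags(r))
```

Records exist only for commands that pass through the patched bash's history code, so activity in other programs needs a separate source such as auditd.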