重新定义linux history命令历史保存记录位置和格式
重新定义linux rm命令,实现部分安全功能和类window的回收站功能
history 实现
代码(在/etc/profile.d/目录下下创建一个history.sh文件,导入下面代码)
export HISTTIMEFORMAT="(%Y-%m-%d_%H-%M-%S)"
export HISTSIZE=4096
USER_IP=`who -u am i 2> /dev/null | awk -F'[(|)]' '{print $2}'`
[ -z $USER_IP ] && USER_IP=${HOSTNAME}
HISTDIR=/opt/history_record
find $HISTDIR -type f -mtime +30 -exec /bin/rm {} \;
if [ ! -d $HISTDIR ];then
mkdir -p $HISTDIR
chmod 777 $HISTDIR
fi
TIME_POINT=`date +%Y-%m-%d_%H-%M-%S`
export HISTFILE="$HISTDIR/${TIME_POINT}_${LOGNAME}_${USER_IP}.history"
实现效果
[root@localhost history_record]# ls /opt/history_record/ 2013-05-16_23-49-37_root_192.168.6.19.history [root@localhost history_record]# history 1 (2013-05-16_23-50-52)touch a 2 (2013-05-16_23-50-54)hisr 3 (2013-05-16_23-50-56)history 4 (2013-05-16_23-51-02)rm -rf a 5 (2013-05-16_23-51-05)ls 6 (2013-05-16_23-51-07)ur a
rm 实现
代码(在 /etc/bashrc文件后面添加如下代码)
my_trash=/opt/my_trash
[ ! -d $my_trash ] && mkdir -p $my_trash && chmod 777 $my_trash
find $my_trash -type d -mtime +30 -exec /bin/rm {} \;
alias rm=trash
alias r=trash
alias rl='ls /opt/my_trash'
alias ur=undelfile
function undelfile()
{
dirname $1 | grep "/" >/dev/null 2>&1
if [ $? -gt 0 ];then
echo -e "\033[31myou must given Absolute path\033[0m"
else
RM_DATEPOINT=$my_trash/`echo $1 | rev`
cd $RM_DATEPOINT
mv -i ./* $1
cd
fi
}
function trash()
{
if [ $# -ge 1 ];then
for i in `echo $@`; do
[ "$i" == "-h" ] && usage && break
[ "$i" == "--help" ] && usage && break
[ "$i" == "-r" ] && continue
[ "$i" == "-rf" ] && continue
dirname $i | grep "/" >/dev/null 2>&1
if [ $? -gt 0 ];then
i=`pwd $i`/${i}
fi
[ "$i" == "/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/bin/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/bin" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/dev/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/dev" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/etc" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/etc/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/usr/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/usr" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/usr/local/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/usr/local" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/lib/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/lib" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/lib64/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/lib64" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/var/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/var" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/root/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/root" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/home/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/home" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/sbin/" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
[ "$i" == "/sbin" ] && echo -e "\033[31m Warning !!!Command not allowed\033[0m" && sleep 1 && break
mkdir -p $my_trash/`echo $i | rev` >/dev/null 2>&1
RM_DATEPOINT=$my_trash/`echo $i | rev`
mv -i $i $RM_DATEPOINT
done
else
echo "rm: missing operand"
echo "Try rm -h for more information."
fi
}
function cleartrash()
{
read -p "clear my_trash ?[n]" confirm
[ $confirm == 'y' ] || [ $confirm == 'Y' ] && /bin/rm -rf $my_trash/*
}
实现效果
根目录和一些与系统相关的目录不能直接删除,减少手误照成系统故障。
普通目录和文件不会直接删除,会保存到对应文件中并且会保留30天。
如下是我实现效果(代码很简单,我就不截图)
[root@localhost ~]# ls 1.txt ampx.sh check_environment.sh DejaVuSans.ttf.2013-05-10_10:40 gaby.txt ip_connect.sh main.sh sedsed-1.0 2.txt anaconda-ks.cfg create_nginx_password.sh DejaVuSans.ttf.bak install.log iptables.sh nginx.password whirt.txt a cacti.sh default.conf gaby.pass install.log.syslog jiankongbao.txt php_support.sh zabbix.sh [root@localhost ~]# rm gaby.pass [root@localhost ~]# ls 1.txt a anaconda-ks.cfg check_environment.sh default.conf DejaVuSans.ttf.bak install.log ip_connect.sh jiankongbao.txt nginx.password sedsed-1.0 zabbix.sh 2.txt ampx.sh cacti.sh create_nginx_password.sh DejaVuSans.ttf.2013-05-10_10:40 gaby.txt install.log.syslog iptables.sh main.sh php_support.sh whirt.txt [root@localhost ~]# ls /opt/my_trash/ssap.ybag/toor gaby.pass [root@localhost ~]# ur gaby.pass you must given Absolute path [root@localhost ~]# ur /root/gaby.pass [root@localhost ~]# ls 1.txt ampx.sh check_environment.sh DejaVuSans.ttf.2013-05-10_10:40 gaby.txt ip_connect.sh main.sh sedsed-1.0 2.txt anaconda-ks.cfg create_nginx_password.sh DejaVuSans.ttf.bak install.log iptables.sh nginx.password whirt.txt a cacti.sh default.conf gaby.pass install.log.syslog jiankongbao.txt php_support.sh zabbix.sh [root@localhost ~]# mkdir mytest_dir [root@localhost ~]# echo "hello world" > mytest_dir/test [root@localhost ~]# rm mytest_dir/ [root@localhost ~]# ls 1.txt ampx.sh check_environment.sh DejaVuSans.ttf.2013-05-10_10:40 gaby.txt ip_connect.sh main.sh sedsed-1.0 2.txt anaconda-ks.cfg create_nginx_password.sh DejaVuSans.ttf.bak install.log iptables.sh nginx.password whirt.txt a cacti.sh default.conf gaby.pass install.log.syslog jiankongbao.txt php_support.sh zabbix.sh [root@localhost ~]# cat /opt/my_trash/rid_tsetym/toor/mytest_dir/test hello world [root@localhost ~]# ur /root/mytest_dir/ [root@localhost ~]# ls 1.txt ampx.sh check_environment.sh DejaVuSans.ttf.2013-05-10_10:40 gaby.txt ip_connect.sh main.sh php_support.sh zabbix.sh 2.txt anaconda-ks.cfg create_nginx_password.sh DejaVuSans.ttf.bak install.log iptables.sh mytest_dir sedsed-1.0 a cacti.sh default.conf gaby.pass install.log.syslog jiankongbao.txt nginx.password whirt.txt [root@localhost ~]# cat mytest_dir/test hello world [root@localhost ~]# rm /root/ Warning !!!Command not allowed [root@localhost ~]# rm / Warning !!!Command not allowed [root@localhost ~]# rm /etc Warning !!!Command not allowed [root@localhost ~]# rm /etc/ Warning !!!Command not allowed [root@localhost ~]# rm -rf /usr/local/ Warning !!!Command not allowed [root@localhost ~]# rm -rf /etc/ Warning !!!Command not allowed [root@localhost ~]# rl a fnoc.tluafed hs.itcac rid_tsetym ssap.ybag [root@localhost ~]# cleartrash clear my_trash ?[n]y [root@localhost ~]# rl [root@localhost opt]# cd /opt/my_trash/ [root@localhost my_trash]# ls [root@localhost my_trash]#
最后由于真正的rm命令还在的,所以如果使用了/bin/rm 这个命令还是能删除那些危险文件或者目录,所以做好对rm使用很重要。
还有个问题就是如果删除的东西很大的话,会很占服务器磁盘空间(现在硬盘不差钱,一般都没有问题)的,这个文件保留时间可以自己调下。
cleartrash这个命令也很危险,故只有管理员不显示在帮助命令里。
最重要的是要根据自己平台的实际情况,测试好(我这是centos6.3)