1. 下载bash-4.2版本源码包,修改其中的源代码重新编译安装:
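# This tarball becomes root's login shell, and plain HTTP gives no integrity
# guarantee, so fetch the detached signature as well and verify it before
# building. gpg needs the bash maintainer's public key imported beforehand.
# The stock 4.2 tarball also predates the fixes for the 2014
# environment-function parsing flaws ("Shellshock"); apply the official
# bash-4.2 patches before compiling.
wget http://mirrors.ustc.edu.cn/gnu/bash/bash-4.2.tar.gz
wget http://mirrors.ustc.edu.cn/gnu/bash/bash-4.2.tar.gz.sig
gpg --verify bash-4.2.tar.gz.sig bash-4.2.tar.gz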
2. 修改源码包中的根目录下 config-top.h 文件.
/* Have bash detect that it was started by sshd and source ~/.bashrc even for
   non-interactive "ssh host command" invocations, so the key lookup in
   .bashrc also runs for remote one-shot commands. */
#define SSH_SOURCE_BASHRC
/* Send every line added to the history list to syslog through
   bash_syslog_history() in bashhist.c. */
#define SYSLOG_HISTORY
去掉以上两项的注释即可
3. 修改源码包中根目录下 bashhist.c 文件,大概在705行.
/* void
bash_syslog_history (line)
const char *line;
{
char trunc[SYSLOG_MAXLEN];
if (strlen(line) < SYSLOG_MAXLEN)
syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PID=%d UID=%d %s", getpid(), current_user.uid, line);
else
{
strncpy (trunc, line, SYSLOG_MAXLEN);
trunc[SYSLOG_MAXLEN - 1] = '\0';
syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY (TRUNCATED): PID=%d UID=%d %s", getpid(), current_user.uid, trunc);
}
}
*/
注释掉以上的代码,添加以下代码:
# ---------------------------------------------------------------------------------------------------------------- #
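/* Log one history line to syslog, tagged with PID, parent PID, session id,
   the account name and the SSH key label found in NAME_OF_KEY.  Lines of
   SYSLOG_MAXLEN bytes or more are cut to fit and marked as truncated.

   NAME_OF_KEY comes from the process environment, so whoever starts the
   shell can set it; read the USER= field as a hint, not as proof of
   identity.  */
void
bash_syslog_history (line)
     const char *line;
{
  char trunc[SYSLOG_MAXLEN];
  const char *key_name;
  const char *user_name;

  /* getenv returns NULL when the variable is unset (for example a local
     login, or a session where no key matched); passing NULL for %s is
     undefined behavior, so substitute a fixed marker.  */
  key_name = getenv ("NAME_OF_KEY");
  if (key_name == NULL)
    key_name = "unknown";

  /* NOTE(review): current_user.user_name may not be filled in yet when the
     first line is logged -- confirm; guard rather than hand NULL to %s.  */
  user_name = current_user.user_name ? current_user.user_name : "unknown";

  if (strlen (line) < SYSLOG_MAXLEN)
    syslog (SYSLOG_FACILITY|SYSLOG_LEVEL,
            "HISTORY: PID=%d PPID=%d SID=%d User=%s USER=%s CMD=%s",
            getpid (), getppid (), getsid (getpid ()),
            user_name, key_name, line);
  else
    {
      /* strncpy does not terminate on truncation; terminate explicitly.  */
      strncpy (trunc, line, SYSLOG_MAXLEN);
      trunc[SYSLOG_MAXLEN - 1] = '\0';
      syslog (SYSLOG_FACILITY|SYSLOG_LEVEL,
              "HISTORY (TRUNCATED): PID=%d PPID=%d SID=%d User=%s USER=%s CMD=%s",
              getpid (), getppid (), getsid (getpid ()),
              user_name, key_name, trunc);
    }
}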
# ---------------------------------------------------------------------------------------------------------------- #
4. 编译安装,默认安装在 /usr/local/bin/ 下
# Configure, build and install as one chain; each step runs only if the
# previous one succeeded.
./configure &&
  make &&
  make install
5. 用以下脚本内容重写 /root/.bashrc 文件.
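# .bashrc
# Work out which authorized_keys entry was used for this SSH login and export
# its third field (the key comment) as NAME_OF_KEY, so that the patched bash
# can attach it to every logged command.
authorized_keys="$HOME/.ssh/authorized_keys"
secure="/var/log/secure"
record="/var/log/login"

# Use a private temp file: a fixed name such as /tmp/file can be pre-created
# or symlinked by any local user, and this script runs as root.
fcomp=$(mktemp) || fcomp=""

# Fingerprint of the key sshd accepted for the parent process of this shell.
# NOTE(review): depends on sshd writing "Found matching RSA key" to $secure
# (log level / OpenSSH version dependent) -- confirm. The PID is matched
# anywhere in the line, so an unrelated number could also match.
rsager=$(awk -v p="$PPID" '/Found matching RSA key/ && $0~p {f=$NF}END{print f}' "$secure")
mkdir -p "$record"

# Skip the lookup when there is nothing to compare against; otherwise two
# empty fingerprints would compare equal and mislabel the session.
if [ -n "$fcomp" ] && [ -n "$rsager" ] && [ -r "$authorized_keys" ]; then
    while read -r LINE
    do
        printf '%s\n' "$LINE" > "$fcomp"
        # Assumes "type key comment" entries without an options prefix.
        name=$(printf '%s\n' "$LINE" | awk '{print $3}')
        nowrsa=$(ssh-keygen -lf "$fcomp" 2>/dev/null | awk '{print $2}')
        # Quote the right-hand side so it is compared literally, not as a pattern.
        if [[ -n "$nowrsa" && "$rsager" == "$nowrsa" ]]; then
            NAME_OF_KEY=$name
            readonly NAME_OF_KEY
            export NAME_OF_KEY HISTFILE="$record/$name"
            # Stop at the first match: assigning the readonly variable again
            # on a later iteration would raise an error.
            break
        fi
    done < "$authorized_keys"
fi
[ -n "$fcomp" ] && rm -f -- "$fcomp"

# Log commands passed as "ssh host command", which never reach the history list.
[ "$BASH_EXECUTION_STRING" ] && logger -t -bash -s "HISTORY $SSH_CLIENT USER=$NAME_OF_KEY CMD=$BASH_EXECUTION_STRING " &>/dev/null

# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi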
6. 修改 /etc/passwd 中的登录shell
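# Only switch shells if the freshly built bash actually runs: a broken login
# shell locks every account out. Each step runs only if the previous one
# succeeded, so /bin/bash is never left missing after a failed earlier step.
# The sed pattern is anchored to the last passwd field so that entries such
# as /usr/bin/bash are not mangled and re-running the command is harmless.
/usr/local/bin/bash -c 'exit 0' &&
  sed -i.bak 's#:/bin/bash$#:/usr/local/bin/bash#' /etc/passwd &&
  mv /bin/{bash,bash.bak} &&
  ln -s /usr/local/bin/bash /bin/bash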
重新登录即可.
参考: http://m.oschina.net/blog/78441