Bash 操作审计和安全加固 —— 筑梦之路

bash 记录

配置环境变量：/etc/profile

export HISTTIMEFORMAT="%F %T "export HISTORY_FILE=/var/log/history/bash_history.logexport PROMPT_COMMAND='{ thisHistID=`history 1|awk "{print \\$1}"`;lastCommand=`history 1| awk "{\\$1=\"\" ;print}"`;user=`id -un`;whoStr=(`who -u am i`);realUser=${whoStr[0]};logMonth=${whoStr[2]};logTime=${whoStr[3]};pid=${whoStr[6]};ip=${whoStr[7]};if [ ${thisHistID}x != ${lastHistID}x ];then echo -E `date "+%Y/%m/%d %H:%M:%S"` $user\($realUser\)@$ip[PID:$pid][LOGIN:$logMonth $logTime] --- $lastCommand ;lastHistID=$thisHistID;fi; } >> $HISTORY_FILE'

安全加固

默认情况 /var/log/history/bash_history.log 文件权限为所有人可写，为了进一步提升安全性，调整该文件中内容只可追加：

$ ls -l /var/log/history/bash_history.log$ chattr +a /var/log/history/bash_history.log$ lsattr /var/log/history/bash_history.log
-----a---------- /var/log/history/bash_history.log

 日志优化

进行日志切割

/var/log/history/bash_history.log {dailymissingokdateextrotate 180notifemptycopytruncateprerotatechattr -a /var/log/history/bash_history.log > /dev/nullendscriptpostrotatechattr +a /var/log/history/bash_history.log > /dev/nullchmod 644 /var/log/history/bash_history.log-`date '+%Y%m%d'`endscript
}

搜集学习之用