Logs not captured from script
Krishna Kumar Swarnkar

Hi All,

I am using the below-mentioned script for command-level log capturing of the root user on my system. This script is added under the .profile of the root user, so whenever a user logs in it runs automatically and captures logs, and when the user logs out it creates a file under the path $home/.HISTORY/BKUP. But if I close the session from PuTTY directly without logging out, it doesn't create a file. So I want to know what modification is needed to get this done.

#*****************************************************************************************#

WHOSTARTED=`ps -flp $PPID | grep $PPID | awk '{print $3}'`
WHATSTARTED=`ps -flp $PPID | grep $PPID | awk '{print $15}'`
mkdir -p $HOME/.HISTORY/BKUP > /dev/null 2>&1
chmod 777 $HOME/.HISTORY/BKUP
if [ "$WHATSTARTED" = "telnetd" ]; then
    WHOSTARTED=`whoami`
fi
TMPNAMEHIST="${WHOSTARTED}-`date +"%d-%m-%y-%H-%M-%S"`"
TMPNAMEHIST="${TMPNAMEHIST}.TXT"
touch $HOME/.HISTORY/${TMPNAMEHIST}
chmod 777 $HOME/.HISTORY/${TMPNAMEHIST}
HISTFILE1="$HOME/.HISTORY/${TMPNAMEHIST}"
HISTFILE=~/sh_history
HISTSIZE=2000
export HISTFILE
export HISTFILE1
export HISTSIZE
#######################################################################
who -u|awk -F " " '{print $7}' > /tmp/pidroot.log
for i in `cat /tmp/pidroot.log`
do
ptree $i |grep $PPID|grep -v grep
if [ $? -eq 0 ]
then
who -u|grep $i >> $HISTFILE1
fi
done
##########################################################################
#trap "tail -1 ~/sh_history >>$HISTFILE1 "  DEBUG
TTY=`tty | awk -F / '{print $4}'`
#PS1='[$ORACLE_SID-$HOST_NAME-$TTY]$PWD > '
export TTY PS1
alias lsp='ls -lrt |pg -20 -p "Page No %d" -s'
alias rm='rm -i'
alias dir='ls -lrt |grep ^d'
alias mv='mv -i'
alias cp='cp -i'
export lsp rm dir mv cp
trap "echo logout && chmod 644 `echo $HISTFILE1` > /dev/null 2>&1 && mv -f `echo $HISTFILE1` $HOME/.HISTORY/BKUP && rm -rf $HOME/.HISTORY/*.TXT
clear" 0
clear

 

###############################################################################################

 

 

As per my observation, usage of some conditional operator makes it work, but I find it difficult to implement in the below-mentioned line.

trap "echo logout && chmod 644 `echo $HISTFILE1` > /dev/null 2>&1 && mv -f `echo $HISTFILE1` $HOME/.HISTORY/BKUP && rm -rf $HOME/.HISTORY/*.TXT

 

 

Regards

Krishna
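
An added example, not part of the original post: it registers the archive step for hangup (signal 1) and terminate (signal 15) as well as for exit (0), on the assumption that closing the PuTTY window delivers SIGHUP to the login shell and that this shell does not run the trap on 0 in that case. The function names and the self-check with its constructed sample file are illustrative.

```shell
#!/bin/sh
# Added example, not the poster's script. All names here are illustrative.

# Move the session log into the backup directory. Safe to call twice:
# the second call finds no file and does nothing.
archive_history() {
    [ -f "$1" ] || return 0
    chmod 644 "$1" 2>/dev/null
    mv -f "$1" "$2"/
}

# Register handlers for normal logout and for a dropped terminal.
install_history_traps() {
    _hist_file=$1
    _bkup_dir=$2
    # 0: normal exit. Single quotes delay expansion until the trap fires.
    trap 'archive_history "$_hist_file" "$_bkup_dir"' 0
    # 1 (HUP): terminal closed; 15 (TERM): killed. Calling exit here
    # makes the shell run the trap on 0 above before it terminates.
    trap 'exit 129' 1
    trap 'exit 143' 15
}

# Self-check: start a child shell, hang it up, and report whether the
# log reached the backup directory. Returns 0 on success.
check_hangup_archives() {
    _dir=$(mktemp -d) || return 1
    mkdir -p "$_dir/BKUP"
    : > "$_dir/root-session.TXT"            # constructed sample log
    (
        install_history_traps "$_dir/root-session.TXT" "$_dir/BKUP"
        : > "$_dir/ready"                    # traps are now in place
        while :; do sleep 1; done
    ) &
    _child=$!
    _n=0
    while [ ! -f "$_dir/ready" ] && [ "$_n" -lt 10 ]; do
        sleep 1; _n=$((_n + 1))
    done
    kill -HUP "$_child"
    wait "$_child" || :                      # child exits non-zero by design
    if [ -f "$_dir/BKUP/root-session.TXT" ] && [ ! -e "$_dir/root-session.TXT" ]
    then _ok=0; else _ok=1; fi
    rm -rf "$_dir"
    return "$_ok"
}
```

In a .profile, `install_history_traps "$HISTFILE1" "$HOME/.HISTORY/BKUP"` would take the place of the single trap on 0.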
