Re: [OT] Personalizar fichero bash_history en Debian.

To: sergiogomez <sergiogomez@tostado.com.ar>
Cc: debian-user-spanish@lists.debian.org
Subject: Re: [OT] Personalizar fichero bash_history en Debian.
From: Diego Sanchez <diegors@gmail.com>
Date: Fri, 13 Jul 2012 10:26:00 -0300
Message-id: <[🔎] CAJ8aDpA1PxGT0jBtUAnLWoMTSAyv9VnpTX7FeJwsT49kTKGfAA@mail.gmail.com>
In-reply-to: <[🔎] 1d493ad0824ca9ee4b7d7dcdd88cedc2@tstd.tostado.com.ar>
References: <[🔎] CAABCiyB4BVZJtfrm4FKcc65fKgasA7sE63Hbn0y5adNRmCpu2A@mail.gmail.com> <[🔎] BLU0-SMTP3517A20AA7A1C6C7687319DB1D70@phx.gbl> <[🔎] BLU0-SMTP25141E8500659AD0D8AA50CB1D70@phx.gbl> <[🔎] BLU0-SMTP1902CDC8F2AB51963B68FB5B1D70@phx.gbl> <[🔎] BLU0-SMTP238083FCC8ADCF167C7B310B1D70@phx.gbl> <[🔎] CAABCiyBdZiQeOY=HMdniNz5VsLqn7_SHJUNMx_UeWYoEgy6J-Q@mail.gmail.com> <[🔎] BLU0-SMTP4277D7A28960B9AE30154CB1D70@phx.gbl> <[🔎] 1d493ad0824ca9ee4b7d7dcdd88cedc2@tstd.tostado.com.ar>

Yo solo hago una pregunta..

Probaste con auditd ?

Asi seteas que archivos a auditar (configuraciones, binarios, etc)

# auditctl -w /etc/passwd -p war -k password-file

Y así, buscas al culpable:

# ausearch -f /etc/passwd -i | less

La salida del comando anterior, será similar a esta:

----
type=PATH msg=audit(03/16/2007 14:52:59.985:55) : name=/etc/passwd
flags=follow,open inode=23087346 dev=08:02 mode=file,644 ouid=root
ogid=root rdev=00:00
type=CWD msg=audit(03/16/2007 14:52:59.985:55) :  cwd=/webroot/home/lighttpd
type=FS_INODE msg=audit(03/16/2007 14:52:59.985:55) : inode=23087346
inode_uid=root inode_gid=root inode_dev=08:02 inode_rdev=00:00
type=FS_WATCH msg=audit(03/16/2007 14:52:59.985:55) :
watch_inode=23087346 watch=passwd filterkey=password-file
perm=read,write,append perm_mask=read
type=SYSCALL msg=audit(03/16/2007 14:52:59.985:55) : arch=x86_64
syscall=open success=yes exit=3 a0=7fbffffcb4 a1=0 a2=2 a3=6171d0
items=1 pid=12551 auid=unknown(4294967295) uid=lighttpd gid=lighttpd
euid=lighttpd suid=lighttpd fsuid=lighttpd egid=lighttpd sgid=lighttpd
fsgid=lighttpd comm=grep exe=/bin/grep



Más info y ejemplos:
http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html
--
Diego - Yo no soy paranoico! (pero que me siguen, me siguen)

Reply to:

References:
- [OT] Personalizar fichero bash_history en Debian.
  - From: Ramses II <ramses.sevilla@gmail.com>
- Re: [OT] Personalizar fichero bash_history en Debian.
  - From: "jmramirez (mas_ke_na)" <mas_ke_na@hotmail.com>
- Re: [OT] Personalizar fichero bash_history en Debian.
  - From: "jmramirez (mas_ke_na)" <mas_ke_na@hotmail.com>
- Re: [OT] Personalizar fichero bash_history en Debian.
  - From: "jmramirez (mas_ke_na)" <mas_ke_na@hotmail.com>
- Re: [OT] Personalizar fichero bash_history en Debian.
  - From: "jmramirez (mas_ke_na)" <mas_ke_na@hotmail.com>
- Re: [OT] Personalizar fichero bash_history en Debian.
  - From: Ramses II <ramses.sevilla@gmail.com>
- Re: [OT] Personalizar fichero bash_history en Debian.
  - From: "jmramirez (mas_ke_na)" <mas_ke_na@hotmail.com>
- Re: [OT] Personalizar fichero bash_history en Debian.
  - From: sergiogomez <sergiogomez@tostado.com.ar>

Prev by Date: Re: [OT] Personalizar fichero bash_history en Debian.
Next by Date: Re: [OT] Personalizar fichero bash_history en Debian.
Previous by thread: Re: [OT] Personalizar fichero bash_history en Debian.
Next by thread: Re: [OT] Personalizar fichero bash_history en Debian.
Index(es):
- Date
- Thread