Last active
February 3, 2020 18:46
-
-
Save peteristhegreat/ab0059023fc0a664f7d6b7c73a1b3902 to your computer and use it in GitHub Desktop.
Save an audit log of bash commands executed by admins
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # After any command is executed on the command prompt, write it to the audit log. Don't push duplicates (or empty commands). | |
| # The fc command doesn't hold any empty commands, so suppressing duplicates is necessary to fix someone pressing enter a few times. | |
| PROMPT_COMMAND='new_command="$(fc -ln -0)"; if [ ! "$last_command" = "$new_command" ]; then export last_command="$new_command"; echo "$(date -Iseconds) - SHELL COMMAND: $new_command" >> audit.log; fi' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment