I have a virtual server with ubuntu in AWS. I have created multiple users on my server. When I ssh into the server as the root user (ubuntu), I am able to use the bash auto complete for basic commands and bash history. But when I login as a different user it does not work? Is there anything I need to do to fix this?
According to the Bash Reference Manual, ยง9.1: Bash History Facilities:
When the -o history option to the set builtin is enabled (see The Set Builtin), the shell provides access to the command history, the list of commands previously typed.
So, I'd try running
set -o history
and seeing if that fixes it. If it does, then you'll probably want to add that to the other users' log-in scripts.
(Note that set -o history primarily controls whether commands are added to the history, so to test it adequately, you'll want to run:
set -o history
echo foo
echo !!
to confirm that it prints echo foo.)
Related
I am trying to find a way to record every single command that is executed by any user on the system.
Things that I have came across earlier.
It is possible to view shell commands executed from the terminal using ~/.bashrc_history file.
There is a catch here, It logs only those commands which were executed interactively from bash shell/terminal.
This solves one of my problems. But in addition to it, I would like to log those commands also which were executed as a part of the shell script.
Note: I don't have control over shell script. Therefore, adding verbose mode like #!/bin/bash -xe is not possible.
However, this can be assumed that I have root access as a system administrator.
Eg: I have another user that has access to the system. And he runs the following shell script using from his account.
#!/bin/sh
nmap google.com
and run as "$ sh script.sh"
Now, What I want is "nmap google.com" command should be logged somewhere once this file is executed.
Thanks in advance. Even a small help is appreciated.
Edit: I would like to clarify that users are unaware that they are being monitored. So I need a solution something at system level(may be agent running with root). I cannot depend on user to log suspicious activity. Of-course everyone will avoid such tricks to put blame on someone else if they do something fishy or wrong
I am aware that you were asking for Bash and Shell scripting and tagged your question accordingly, but in respect to your requirements
Record every single command that is executed by any user on the system
Users are unaware that they are being monitored
A solution something at system level
I am under the assumption that you are looking for Audit Logging.
So you may take advantage from articles like
Log all commands run by Admins on production servers
Log every command executed by a User
You can run the script in this way:
execute bash (it will override the shebang)
ts to prefix every lines
logs both in terminal and files
bash -x script.sh |& ts | tee -a /tmp/$(date +%F).log
You may ask the other user to create an alias.
Edit:
You may also add this into /etc/profile (sourced when users login)
exec > >(tee -a /tmp/$(date +%F).log)
Do it also for error output if needed. Keep it splited.
I have a lot of configuration for Kwin (the window manager) in another user's home folder (/home/B/.config and other folders).
Is there a way to run Kwin from my session, but make Kwin consider the other user's configuration and environment as well?
I can't copy the files over to my account because they're scattered around B's home folder, and I don't want to risk overwriting stuff.
I tried using sudo, but it doesn't run the command as if it was the B's session, and uses my own config files to run the program instead of those in /home/B/.
If the -H sudo parameter is not enough, maybe you also need something from shell resource files that -i would give you, so something like sudo -i -uusername command.
From sudo's man page:
-i, --login Run the shell specified by the target user's password
database entry as a login shell. This means that
login-specific resource files such as .profile or
.login will be read by the shell. If a command is
specified, it is passed to the shell for execution
via the shell's -c option. If no command is
specified, an interactive shell is executed. sudo
attempts to change to that user's home directory
before running the shell. The command is run with an
environment similar to the one a user would receive
at log in. The Command environment section in the
sudoers(5) manual documents how the -i option affects
the environment in which a command is run when the
sudoers policy is in use.
Does bash shell script leave the history of the commands it executed, such as .bash_history?
I'm curious about it.
No, it does not:
https://www.gnu.org/software/bash/manual/html_node/Bash-History-Facilities.html
9.1 Bash History Facilities
When the -o history option to the set builtin is enabled (see The Set Builtin), the shell provides access to the command history, the list of commands previously typed.
To get current settings, use set -o command. In interactive shells (with -i option of bash or in usual bashes from login or terminal) it prints history on. When used in scripts (bash -c 'set -o' or when you did ssh machine bash without tty allocation) it is unset: history off.
https://www.gnu.org/software/bash/manual/html_node/Interactive-Shell-Behavior.html
6.3.3 Interactive Shell Behavior - When the shell is running interactively, it changes its behavior in several ways.
Command history (see Bash History Facilities) and history expansion (see History Interaction) are enabled by default. Bash will save the command history to the file named by $HISTFILE when a shell with history enabled exits.
History can be enabled in script with several commands: https://askubuntu.com/questions/546556/how-can-i-use-history-command-in-a-bash-script / https://unix.stackexchange.com/questions/5684/history-command-inside-bash-script - set HISTFILE and (optionally) HISTTIMEFORMAT, enable with set -o history and then use history command.
Defined in .bashrc
function gitpullsite(){
echo "Enter GIT username";
read gituname;
echo "Enter GIT password";
read -s gitpword;
giturl=https://$gituname:$gitpword#github.com/whateveruser/whateverrepo.git
repopath=/home/whateveruser/html/whateverrepo/;
sudo rm -r $repopath;
sudo git clone $giturl $repopath;
}
and then run in terminal gitpullsite I want to remove gituname and gitpword from history but I cannot find such entries in history anywhere. I have no process in place to remove such entries so where is this history stored ? Is it ignored as within the scope of the function and not the shell ?
What I don't want is an unknown trail of usernames and passwords stored somewhere I don't know about - an obvious security issue should a system be compromised.
The aim is to add further different 'nested' repos but the user only needs to enter credentials once.
You may want to try https://github.com/dvorka/hstr which, in addition to history management i.e. deleting particular command(s) from history, allows for "suggest box style" filtering.
It can be easily bound to Ctrl-r and/or Ctrl-s
One possible solution would be to not log part of your commands at all.
Multiple ways to do so :
1
To stop logging bash history is:
set +o history
and to reset, that is to start logging again:
set -o history
2
You can also use add ignorespace to your HISTCONTROL environment variable. Then any command line that begins with a space won't be entered into your history.
methods for avoiding bash history logging
Can you prevent a command from going into the bash shell command history?
If I open a shell into a machine with: putty -load session_name and then execute a command to add a job to a Grid queue on a linux system (qsub -cwd -b hostname), everything works fine.
But if I add the command to a text file, and then do putty -load session_name -m file.txt, I get qsub: command not found
If I back out and simplify the text file to be only the command hostname and use the -m option, it also works fine.
If I use the Connection->SSH->Remote command, and do something similar as the -m command, I get the same results as from the command line.
I'm very much a novice at linux systems, and this seems like it should be a simple fix to tell something that 'qsub' exists somewhere. Either that or there are some restrictions on these remote access things...
Edit:
Ok, so the initial question was how to run it--and I figured that out (add an absolute path), but there are other environment variable issues as well. It appears that qsub requires the SGE_ROOT variable to be set, but that isn't set for the remote commands window either.
So, a better question is, how do I get the putty remote commands shell (using -m) to open with the same properties and setup as a manual command line shell?
qsub is on your path when you log in interactively, but in the non-interactive shell it is not. Give the full path in the script, or set PATH in the script, and you ought to fix your problem.
It seems you need to run your command in the context of an interactive session, but the sshd protocol doesn't directly do that. So try invoking the command indirectly through /bin/sh.
/bin/sh -i -c "qsub -cwd -b hostname"
The -i makes the shell initialize itself like an interactive one, so it will load all the environment variables in your .profile or .bashrc that are loaded in a real interactive shell. The -c provides a command to run within that interactive shell.
You shouldn't have to explicitly set any paths this way since it works in an interactive session.