重新编译 bash 源码,步骤如下:
1.打开config-top.h文件,把#define SYSLOG_HISTORY这个宏定义打开。
2.修改bashhist.c文件,在 bash_syslog_history 函数中添加一个sshd来源IP记录(取自环境变量 SSH_CLIENT):
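/*
 * Send one history line to syslog, tagged with the SSH client address, the
 * process/parent/session ids and the current user name.
 *
 * LINE is the command text to record.  Lines of SYSLOG_MAXLEN bytes or more
 * are truncated and logged under the "HISTORY (TRUNCATED)" prefix.
 *
 * The IP field is the first space-delimited token of the SSH_CLIENT
 * environment variable.  It is empty when the variable is unset and
 * "get env error!" when the token does not fit the local buffer.
 *
 * NOTE(review): SSH_CLIENT is an ordinary environment variable that the
 * audited user can overwrite or unset, so the IP field is a convenience
 * hint and not evidence.  Correlate PID/SID with the sshd authentication
 * log when the source address matters.
 */
void
bash_syslog_history (line)
     const char *line;
{
  char trunc[SYSLOG_MAXLEN];
  /* Large enough for a textual IPv6 address; a 16-byte buffer cannot hold
     "255.255.255.255" plus its terminator once the separator is counted. */
  char ip[64] = {0};
  const char *client = getenv ("SSH_CLIENT");
  size_t addrlen;
  size_t i;

  if (client != NULL)
    {
      /* Stop at the first space or at the end of the string, so a value
         without any space is never read past its terminator. */
      addrlen = strcspn (client, " ");
      if (addrlen >= sizeof (ip))
        strcpy (ip, "get env error!");
      else
        {
          /* Copy the address without the trailing separator and terminate
             it explicitly; "%s" below relies on the NUL byte. */
          memcpy (ip, client, addrlen);
          ip[addrlen] = '\0';
        }

      /* The value is user-controlled: keep control bytes out of the log
         record so it cannot break the one-line record format. */
      for (i = 0; ip[i] != '\0'; i++)
        if ((unsigned char) ip[i] < 0x20 || ip[i] == 0x7f)
          ip[i] = '?';
    }

  if (strlen (line) < SYSLOG_MAXLEN)
    syslog (SYSLOG_FACILITY|SYSLOG_LEVEL,
            "HISTORY: IP=%s PID=%d PPID=%d SID=%d User=%s CMD=%s",
            ip, getpid (), getppid (), getsid (getpid ()),
            current_user.user_name, line);
  else
    {
      /* strncpy does not terminate when the source fills the buffer. */
      strncpy (trunc, line, SYSLOG_MAXLEN);
      trunc[SYSLOG_MAXLEN - 1] = '\0';
      syslog (SYSLOG_FACILITY|SYSLOG_LEVEL,
              "HISTORY (TRUNCATED): IP=%s PID=%d PPID=%d SID=%d User=%s CMD=%s",
              ip, getpid (), getppid (), getsid (getpid ()),
              current_user.user_name, trunc);
    }
}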