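I. Compiling Bash to add syslog logging to bash
1. This article modifies bash so that its command history is recorded to syslog. The entries can then be forwarded in real time to a remote central log server, which provides an audit trail of operations.
Operating system version: CentOS 6.5 x64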
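What a history record looks like once it reaches syslog, as an added example that is not part of the original article or of bash's source. The `demo_*` names are hypothetical; the `HISTORY: PID=… UID=…` layout and the 600-byte cap are assumptions modelled on bash's syslog history code, and the facility/level pair is the `local1.debug` the article selects further down.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed settings: local1.debug as chosen in the article, and a 600-byte
   cap on the logged command line (assumption modelled on bash). */
#define DEMO_FACILITY LOG_LOCAL1
#define DEMO_LEVEL    LOG_DEBUG
#define DEMO_MAXLEN   600

/* PRI value a remote collector sees in the <NNN> prefix of the message:
   facility * 8 + severity, which is 143 for local1.debug. */
int demo_pri(void)
{
    return DEMO_FACILITY | DEMO_LEVEL;
}

/* Build the record text. Over-long command lines are cut to
   DEMO_MAXLEN - 1 bytes so one pasted command cannot produce an
   oversized syslog message. Returns 1 if the line was truncated. */
int demo_format(char *out, size_t outlen, pid_t pid, uid_t uid, const char *line)
{
    int cut = strlen(line) >= DEMO_MAXLEN;
    snprintf(out, outlen, "HISTORY: PID=%d UID=%d %.*s",
             (int)pid, (int)uid, DEMO_MAXLEN - 1, line);
    return cut;
}

/* Send one command line to the local syslog daemon, which decides (via its
   own rules) whether to write it to a file or forward it to a remote host. */
void demo_log(const char *line)
{
    char msg[DEMO_MAXLEN + 64];
    demo_format(msg, sizeof msg, getpid(), getuid(), line);
    syslog(DEMO_FACILITY | DEMO_LEVEL, "%s", msg);
}

int main(void)
{
    char msg[DEMO_MAXLEN + 64];
    /* Constructed sample: PID 4242, root, one typed command. */
    demo_format(msg, sizeof msg, 4242, 0, "vim /etc/ssh/sshd_config");
    printf("<%d>%s\n", demo_pri(), msg);
    return 0;
}
```

On the central log server, a rule that matches `local1.debug` will see these records with PRI 143.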
2. Install the bash source package for CentOS 6.5
# wget
# rpm -i bash-4.1.2-15.el6_4.src.rpm
# The warnings printed during installation can be ignored.
warning: bash-4.1.2-15.el6_4.src.rpm: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
...
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
warning: user mockbuild does not exist - using root
[root@localhost soft]#
After installation, the following directory structure is created under the current user's home directory.
[root@localhost ~]# pwd
/root
# ls
anaconda-ks.cfg bash-4.1.2-15.el6_4.src.rpm install.log install.log.syslog rpmbuild 公共的 模板 视频 图片 文档 下载 音乐 桌面
[root@localhost ~]# tree rpmbuild/
rpmbuild/
├── SOURCES
│ ├── bash-2.02-security.patch
│ ├── bash-2.03-paths.patch
│ ├── bash-2.03-profile.patch
│ ├── bash-2.05a-interpreter.patch
│ ├── bash-2.05b-debuginfo.patch
│ ├── bash-2.05b-manso.patch
│ ├── bash-2.05b-pgrp_sync.patch
│ ├── bash-2.05b-readline-oom.patch
│ ├── bash-2.05b-xcc.patch
│ ├── bash-3.2-audit.patch
│ ├── bash-3.2-ssh_source_bash.patch
│ ├── bash-4.0-nobits.patch
│ ├── bash41-001
│ ├── bash41-002
│ ├── bash-4.1-bind_int_variable.patch
│ ├── bash-4.1-broken_pipe.patch
│ ├── bash-4.1-defer-sigchld-trap.patch
│ ├── bash-4.1-examples.patch
│ ├── bash-4.1-logout.patch
│ ├── bash-4.1-manpage.patch
│ ├── bash-4.1-manpage_trap.patch
│ ├── bash-4.1-signal.patch
│ ├── bash-4.1.tar.gz
│ ├── bash-4.1-trap.patch
│ ├── bash-bashbug.patch
│ ├── bash-infotags.patch
│ ├── bash-requires.patch
│ ├── bash-setlocale.patch
│ ├── bash-tty-tests.patch
│ ├── dot-bash_logout
│ ├── dot-bash_profile
│ └── dot-bashrc
└── SPECS
└── bash.spec
2 directories, 33 files
2. Enter the directory and extract the bash-4.1 source tarball
[root@localhost ~]# cd /root/rpmbuild/SOURCES/
[root@localhost SOURCES]# tar zxvf bash-4.1.tar.gz
[root@localhost SOURCES]# cp -a bash-4.1 bash-4.1-orig
[root@localhost SOURCES]#
[root@localhost SOURCES]# cd bash-4.1
[root@localhost bash-4.1]#
# vim config-top.h
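# Uncomment line 104 and change the code below to read as follows. By default the history is logged to /var/log/messages; here it is redirected to the file configured for local1.debug.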
/* #define SYSLOG_HISTORY */