C Shell
以下几点:
C Shell的语法(每个shell都有不同),比如设置只读变量用了set -r;
bash下我们用了PROMPT_COMMAND变量,ksh下我们用了trap,C shell下不支持PROMPT_COMMAND变量,我们使用了c shell下的内置变量precmd。C shell下对于trap是否支持,没有进行测试。
使用了别名alias。
最终配置如下:
修改/etc/csh.cshrc文件。 vi /etc/csh.cshrc
在文件最后加入以下内容,将其中的192.168.100.90替换为资源的IP。
# Add content in /etc/csh.cshrc
# Log C Shell user login and commandhistory
set up_client_ip=`(who am i|cut -d\(-f2|cut -d\) -f1)`
set up_flag=`echo $up_client_ip|awk '($1~/[0-9]+.[0-9]+.[0-9]+.[0-9]+/)'`
if ( $up_flag == "" ) then
set -r up_client_ip=`grep"$up_client_ip" /etc/hosts|cut -f1`
else
set -r up_client_ip=`(who am i|cut -d\(-f2|cut -d\) -f1)`
endif
set -r up_nowtime=`(date -d now+"%Y-%m-%d %T")`
if ( `who -m|awk '{print($1)}'` =="`whoami`" && ( "$0" == "csh" ||"$0" == "tcsh" ) ) then
echo >/dev/null;
else
logger -p user.notice --class=\"HOST_LOGIN\" type=\"2\"time=\"$up_nowtime\" src_ip=\"$up_client_ip\"dst_ip=\"192.168.100.90\" primary_user=\"\"secondary_user=\"`(whoami)`\" operation=\"\"content=\"login successful\" authen_status=\"Success\"log_level=\"1\" session_id=\" $$\" >/dev/null
endif
alias precmd 'logger -p user.notice --class=\"HOST_COMMAND\" type=\"3\" time=\"`(date -d now+"%Y-%m-%d %T")`\" src_ip=\"$up_client_ip\"dst_ip=\"192.168.100.90\" primary_user=\"\"secondary_user=\"`(whoami)`\" operation=\"`history 1 | cut-f3-`\" content=\"command\" authen_status=\"\"log_level=\"1\" session_id=\"$$\" >/dev/null'
以上在记录登录日志的时候作了判断,保证了当用户使用tcsh、csh命令切换shell的时候不会记录登录日志。
alias precmd 'logger -p user.notice --class=\"HOST_COMMAND\" type=\"3\" time=\"`(date -d now+"%Y-%m-%d %T")`\" src_ip=\"$up_client_ip\"dst_ip=\"192.168.100.90\" primary_user=\"\"secondary_user=\"`(whoami)`\" operation=\"`history 1 | cut-f3-`\" content=\"command\" authen_status=\"\"log_level=\"1\" session_id=\"$$\" >/dev/null'
precmd
precmd Runs just before each prompt is printed. For example, if one does
> alias precmd date then date(1) runs just before the shell prompts for each command. There are no limits on what precmd can be set to do, but discretion should be used.