[問題] 又來請教egrep+awk 分析資料了
[ /var/log/sudo的內容 ]
May 15 16:10:32 Machine-LAB sudo: root : TTY=pts/0 ; PWD=/root ;
USER=root ; COMMAND=/bin/cat /etc/passwd
May 16 14:20:02 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/userdel kacr111
May 16 16:29:55 Machine-LAB sudo: root : TTY=pts/0 ; PWD=/root ;
USER=root ; COMMAND=/bin/cat /etc/passwd
May 16 16:39:21 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c
Peter Liao -m kacr111
May 16 16:40:40 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ;
USER=root ; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c
Peter Liao -m kacr111
May 16 16:41:38 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ;
USER=root ; COMMAND=/usr/sbin/userdel kacr111
[Script的內容] ~不知道要修改 哪裡,才能使 原始資料列 不要一起印出來
#!/bin/bash
################################################################################
# Purpose : To generate the sudo report
################################################################################
YR=`date +%Y`
PATH=$PATH:/usr/sbin:/bin
if [ ! -d /var/log/aig_maintain ] ;then
mkdir -p /var/log/aig_maintain
fi
FILE-1=/var/log/aig_maintain/sa.txt
LOG_DATE=`date '+%b %e'`
sudo_file='/var/log/sudo'
echo -e "<<< SECURITY ADMIN ACTIVITIES REPORT >>>" > $FILE-1
egrep 'useradd|userdel|usermod' /var/log/sudo|grep "^$LOG_DATE" |while read
line;do
echo -e "`echo $line |awk '"date +%Y" | getline YR; {print
$3,$2,$1,YR,$6 }'`\t`echo $line|cut -d= -f4|cut -d\; -f1`\t`echo $line|cut
-d= -f5`" >> $FILE-1
done
echo -e "<<< End of Security Admin Activities Report >>>\n" >> $FILE-1
chmod 644 $FILE-1
[script產生的結果(原始資料也一起出現)]
<<< SECURITY ADMIN ACTIVITIES REPORT >>>
May 16 14:20:02 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/userdel kacr111
14:20:02 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
May 16 16:39:21 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c
Peter Liao -m kacr111
16:39:21 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
May 16 16:40:40 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ; USER=root
; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c Peter
Liao -m kacr111
16:40:40 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
May 16 16:41:38 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ; USER=root
; COMMAND=/usr/sbin/userdel kacr111
16:41:38 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
<<< End of Security Admin Activities Report >>>
[實際想要的結果]
<<< SECURITY ADMIN ACTIVITIES REPORT >>>
14:20:02 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
16:39:21 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
16:40:40 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
16:41:38 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
<<< End of Security Admin Activities Report >>>
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 210.192.233.146
推
05/17 01:32, , 1F
05/17 01:32, 1F
→
05/17 19:14, , 2F
05/17 19:14, 2F
推
05/18 02:56, , 3F
05/18 02:56, 3F
推
05/18 03:00, , 4F
05/18 03:00, 4F
→
05/18 08:05, , 5F
05/18 08:05, 5F
→
05/18 08:05, , 6F
05/18 08:05, 6F
推
05/18 18:32, , 7F
05/18 18:32, 7F
→
05/18 18:32, , 8F
05/18 18:32, 8F
→
05/18 18:33, , 9F
05/18 18:33, 9F
→
05/19 20:07, , 10F
05/19 20:07, 10F
Linux 近期熱門文章
23
129
PTT數位生活區 即時熱門文章
