Bash cheatsheet: Difference between revisions

From Lolly's Wiki
Jump to navigationJump to search
Line 1: Line 1:
=bash history per user=
=bash history per user=
You need to set LogLevel of sshd to VERBOSE in your /etc/ssh/sshd_config:
<source lang=bash>
...
LogLevel VERBOSE
...
</source>
If you are using ssh public keys for authenticating and want to use a seperate history for each user, you can put this in your .bash_profile:
If you are using ssh public keys for authenticating and want to use a seperate history for each user, you can put this in your .bash_profile:
<source lang=bash>
<source lang=bash>
FINGERPRINT=$(nawk -v ssh_connection="${SSH_CONNECTION}" -v user=${LOGNAME} 'BEGIN{split(ssh_connection,connection)}/.*sshd\[[0-9]+\]: Accepted publickey for/ && $(NF-5)==connection[1] && $(NF-3)==connection[2] {print $NF;}' /var/log/auth.log)
[ -f /var/log/fingerprint.log ] && FINGERPRINT=$(nawk -v ssh_connection="${SSH_CONNECTION}" -v user=${LOGNAME} 'BEGIN{split(ssh_connection,connection)}/.*sshd\[[0-9]+\]: Accepted publickey for/ && $(NF-5)==connection[1] && $(NF-3)==connection[2] {print $NF;}' /var/log/fingerprint.log)


export HISTFILE=.bash_history_${FINGERPRINT:-${SUDO_USER:-login}}
export HISTFILE=.bash_history_${FINGERPRINT:-${SUDO_USER:-login}}
Line 8: Line 15:
If $FINGERPRINT is empty the sudo user will be used.
If $FINGERPRINT is empty the sudo user will be used.


You need to set LogLevel of sshd to VERBOSE in your /etc/ssh/sshd_config:
I forced rsyslog to write another logfile where group ssh may read:
/etc/rsyslog.d/99-fingerprint.conf:
<source lang=bash>
$FileCreateMode 0640
$FileGroup ssh
auth                /var/log/fingerprint.log
</source>
 
Add user syslog to group ssh so that syslog can open a file as group ssh:
<source lang=bash>
# usermod -aG ssh syslog
</source>
 
Let only users from group ssh login via ssh except the syslog user:
/etc/ssh/sshd_config:
<source lang=bash>
<source lang=bash>
...
# SSH is only allowed for users in this group
LogLevel VERBOSE
AllowGroups ssh
...
DenyUsers syslog
</source>
</source>



Revision as of 11:49, 11 December 2015

bash history per user

You need to set LogLevel of sshd to VERBOSE in your /etc/ssh/sshd_config:

...
LogLevel VERBOSE
...

If you are using ssh public keys for authenticating and want to use a seperate history for each user, you can put this in your .bash_profile:

[ -f /var/log/fingerprint.log ] && FINGERPRINT=$(nawk -v ssh_connection="${SSH_CONNECTION}" -v user=${LOGNAME} 'BEGIN{split(ssh_connection,connection)}/.*sshd\[[0-9]+\]: Accepted publickey for/ && $(NF-5)==connection[1] && $(NF-3)==connection[2] {print $NF;}' /var/log/fingerprint.log)

export HISTFILE=.bash_history_${FINGERPRINT:-${SUDO_USER:-login}}

If $FINGERPRINT is empty the sudo user will be used.

I forced rsyslog to write another logfile where group ssh may read: /etc/rsyslog.d/99-fingerprint.conf:

$FileCreateMode 0640
$FileGroup ssh
auth                 /var/log/fingerprint.log

Add user syslog to group ssh so that syslog can open a file as group ssh:

# usermod -aG ssh syslog

Let only users from group ssh login via ssh except the syslog user: /etc/ssh/sshd_config:

# SSH is only allowed for users in this group
AllowGroups ssh
DenyUsers syslog

bash prompt

Put this in your ~/.bash_profile

typeset +x PS1="\[\e]0;\u@\h: \w\a\]\u@\h:\w# "

Nützliche Variablenersetzungen

dirname

$ myself=/usr/bin/blafasel ; echo ${myself%/*} 
/usr/bin

basename

$ myself=/usr/bin/blafasel ; echo ${myself##*/} 
blafasel

Schleifen

Zahlenfolgen

$ for i in {0..9} ; do echo $i ; done

oder

$ for ((i=0;i<=9;i++)); do echo $i; done

so gehen natürlich auch andere Sprünge, z.B. immer 3 weiter:

$ for ((i=0;i<=9;i+=3)); do echo $i; done

oder oder oder

$ for ((i=0,j=1;i<=9;i+=3,j++)); do echo "$i $j"; done

Rechnen

$ echo $[ 3 + 4 ]  
$ echo $[ 2 ** 8 ] # 2^8

Kategorie:Bash