How to setup different history file based on IP address
Hi all,
my company has a tool that periodically changes root password on all servers. For some reason this tool connect to the server at least twice a day running some commands.
Personally I find annoying that history file gets filled by unuseful lines, so I though that setup a different history file for that toll would be a good solution.
So I setup a simple script like the following:
[root@server1 ~]# cat /etc/profile.d/history.sh
# This sets different history file for PAM tool
SRC_IP1="10.237.105.85"
SRC_IP2="10.237.113.85"
echo $SSH_CLIENT| grep -E "$SRC_IP1|$SRC_IP2" > /dev/null
RC=$?
if [[ $RC -eq 0 ]]; then
export HISTFILE="~/.bash_anotherhistory"
fi
I don't know why, but this is not working, commands are still written in .bash_history, even if the env command shows HISTFILE properly set.
Here's the commands I find into history:
id
( ( ( passwd ) && echo '==O''K==') || echo '==FA''IL==')
date -u +'DA''TE-%d-%m-%Y'; ( grep '^root:' /etc/shadow ) ; id 'root'; echo '==''E''N''D''==' ;
sudo -K; exit
this is lastcomm output:
#lastcomm --pid --forward --tty pts/1
grep root pts/1 0.00 secs Tue Dec 8 11:37 16158 16157
grepconf.sh root pts/1 0.00 secs Tue Dec 8 11:37 16157 16156
tty root pts/1 0.00 secs Tue Dec 8 11:37 16160 16159
tput root pts/1 0.00 secs Tue Dec 8 11:37 16161 16159
bash F root pts/1 0.00 secs Tue Dec 8 11:37 16159 16156
dircolors root pts/1 0.00 secs Tue Dec 8 11:37 16163 16162
bash F root pts/1 0.00 secs Tue Dec 8 11:37 16162 16156
grep root pts/1 0.00 secs Tue Dec 8 11:37 16164 16156
date root pts/1 0.00 secs Tue Dec 8 11:37 16165 16156
head root pts/1 0.00 secs Tue Dec 8 11:37 16167 16156
last X root pts/1 0.00 secs Tue Dec 8 11:37 16166 16156
bash F root pts/1 0.00 secs Tue Dec 8 11:37 16168 16156
grep root pts/1 0.00 secs Tue Dec 8 11:37 16169 16156
env root pts/1 0.00 secs Tue Dec 8 11:37 16170 16156
consoletype root pts/1 0.00 secs Tue Dec 8 11:37 16172 16171
bash F root pts/1 0.00 secs Tue Dec 8 11:37 16171 16156
date root pts/1 0.00 secs Tue Dec 8 11:37 16175 16156
grep S root pts/1 0.00 secs Tue Dec 8 11:37 16176 16156
id root pts/1 0.00 secs Tue Dec 8 11:37 16177 16156
id root pts/1 0.00 secs Tue Dec 8 11:37 16178 16156
passwd S root pts/1 0.02 secs Tue Dec 8 11:37 16181 16180
sh F root pts/1 0.00 secs Tue Dec 8 11:37 16180 16179
sh F root pts/1 0.00 secs Tue Dec 8 11:37 16179 16156
date root pts/1 0.00 secs Tue Dec 8 11:37 16187 16156
grep S root pts/1 0.00 secs Tue Dec 8 11:37 16188 16156
id root pts/1 0.00 secs Tue Dec 8 11:37 16189 16156
Any ideas?
Thanks a lot.