不仅可以记录击键信息，还可以记录终端下的输出信息
[root@Centos log]# wget http://www.trustauth.cn/exp/Linux/sh2log-1.0.tgz
--2013-01-07 05:16:56--  http://www.trustauth.cn/exp/Linux/sh2log-1.0.tgz
Resolving packetstorm.foofus.com... 64.71.188.242
Connecting to packetstorm.foofus.com|64.71.188.242|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80240 (78K)
Saving to: `sh2log-1.0.tgz'
100%[=====================================================================================>] 80,240 57.2K/s in 1.4s
2013-01-07 05:16:58 (57.2 KB/s) - `sh2log-1.0.tgz' saved [80240/80240]
[root@Centos log]# tar xf sh2log-1.0.tgz
[root@Centos log]# cd sh2log-1.0
[root@Centos sh2log-1.0]#
编译选项:
[root@Centos sh2log-1.0]# make
Please specify the target:
make linux
make freebsd
make openbsd
make cygwin
make sunos
make irix
make hpux
make aix
make osf
执行 make linux，输出如下:
[root@Centos sh2log-1.0]# make linux
gcc -g -W -Wall -o sh2log rc4.c sha1.c sh2log.c -lutil -DLINUX
gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
gcc -g -W -Wall -o parser rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib
parser.c:35:22: error: X11/Xlib.h: No such file or directory
parser.c: In function ‘main’:
parser.c:291: error: ‘Display’ undeclared (first use in this function)
parser.c:291: error: (Each undeclared identifier is reported only once
parser.c:291: error: for each function it appears in.)
parser.c:291: error: ‘dpi’ undeclared (first use in this function)
parser.c:292: error: ‘Window’ undeclared (first use in this function)
parser.c:292: error: expected ‘;’ before ‘wnd’
parser.c:293: error: ‘XWindowAttributes’ undeclared (first use in this function)
parser.c:293: error: expected ‘;’ before ‘xwa’
parser.c:515: warning: implicit declaration of function ‘XOpenDisplay’
parser.c:522: error: ‘wnd’ undeclared (first use in this function)
parser.c:524: warning: implicit declaration of function ‘XSetWindowBorderWidth’
parser.c:525: warning: implicit declaration of function ‘XSync’
parser.c:525: error: ‘False’ undeclared (first use in this function)
parser.c:526: warning: implicit declaration of function ‘XGetWindowAttributes’
parser.c:526: error: ‘xwa’ undeclared (first use in this function)
parser.c:714: warning: implicit declaration of function ‘XMoveResizeWindow’
parser.c:772: warning: implicit declaration of function ‘XCloseDisplay’
make: *** [linux] Error 1
其中关键的错误是缺少 X11 头文件:
parser.c:35:22: error: X11/Xlib.h: No such file or directory
安装 X11 开发库:
[root@Centos sh2log-1.0]# yum install libX11-devel
重新编译:
[root@Centos sh2log-1.0]# make linux
gcc -g -W -Wall -o sh2log rc4.c sha1.c sh2log.c -lutil -DLINUX
gcc -g -W -Wall -o sh2logd rc4.c sha1.c sh2logd.c
gcc -g -W -Wall -o parser rc4.c sha1.c parser.c -lX11 -L/usr/X11R6/lib
先删除自带的演示记录文件:
[root@Centos sh2log-1.0]# rm test.bin
配置:
[root@Centos sh2log-1.0]# mkdir /bin/shells/
[root@Centos sh2log-1.0]# cp -p /bin/sh /bin/shells/
[root@Centos sh2log-1.0]# cp -p /bin/bash /bin/shells/
[root@Centos sh2log-1.0]# rm -rf /bin/sh /bin/bash
[root@Centos sh2log-1.0]# cp -p sh2log /bin/sh
[root@Centos sh2log-1.0]# cp -p sh2log /bin/bash
[root@Centos sh2log-1.0]# ./sh2logd
[root@Centos sh2log-1.0]# ps -ef | grep sh2logd
root 27151 1 0 05:24 ? 00:00:00 ./sh2logd
root 27175 26396 0 05:24 pts/3 00:00:00 grep sh2logd
[root@Centos sh2log-1.0]#
可以看到 sh2logd 已经启动，并且在当前目录下生成了以时间命名的 .bin 记录文件:
-rw------- 1 root root 0 Jan 7 05:24 sh2log-20130107-052402.bin
查看记录:
先打开一个终端，执行以下操作:
[root@Centos log]# bash
[root@Centos log]# ls -la
total 112
drwxr-xr-x 3 root root 4096 Jan 7 05:17 .
drwxrwxrwt 17 root root 4096 Jan 7 05:18 ..
drwxr-xr-x 2 root root 4096 Jan 7 05:24 sh2log-1.0
-rw-r--r-- 1 root root 80240 Nov 8 2006 sh2log-1.0.tgz
[root@Centos log]# pwd
/tmp/log
[root@Centos log]#
然后用 parser 查看日志:
[root@Centos sh2log-1.0]# ./parser sh2log-20130107-052402.bin
SID SOURCE IP UID PID START DATE END DATE DURATION
1 [127.0.0.1] 0 (27293) 07/01 05:25 | 07/01 05:25 X 03s
2 [127.0.0.1] 0 (27407) 07/01 05:26 | 07/01 05:26 X 02s
In interactive mode, use Enter to fast forward, Space to pause and q to quit.
Note that xterm is required for window resizing.
Session ID -> 2
Interactive mode (y/n) ? n
07/01 05:26:53 -> ls -la
07/01 05:26:53 -> pwd
文章转载来自:trustauth.cn