February 7, 2011 0

MySQL 5.5.8 and Mac OSX 10.6.6 Issues

By in MacOSX, MySQL

I have just tried to install MySQL v5.5.8 onto my Mac running OSX v10.6.6 but have run into a problem when trying to start it. Basically it came up with an error every time and failed to start.

I have come up with a workaround to get it working.

Edit this file

Mac:~ root# vi /usr/local/mysql/support-files/mysql.server

You then need to change this line (around line number 67)

bindir=./bin

to

bindir=/usr/local/mysql/bin

then try to start the server with

Mac:~ root# /usr/local/mysql/support-files/mysql.server start
Starting MySQL
. SUCCESS!

All working :)

February 3, 2011 0

Apachectl and Mac OS 10.6.5 Ulimit Error

By in MacOSX

After updating Mac OSX to version 10.6.5 you may come across an error if you try to restart apache via the command line.

You will see this error:

Mac:~ root# apachectl restart
/usr/sbin/apachectl: line 82: ulimit: open files: cannot modify limit: Invalid argument

This is due to an update that was released to patch Apache to version 2.2.15 to patch some vulnerabilities in it.

This error can be fixed by editing the ulimit line that is in the apachectl init script.

Fix the Error

  1. Open the file
    Mac:~ root# vi /usr/sbin/apachectl
  2. Find this line
    ULIMIT_MAX_FILES="ulimit -S -n `ulimit -H -n`"
  3. Replace it with this line
    ULIMIT_MAX_FILES=""

This will fix the error and you will be able to start apache from the command line.

August 26, 2009 0

Tripwire Setup

By in Linux, Security, Tripwire, Tutorial

This guide documents how to install and configure Tripwire on a brand new system. This guide is based on installing Tripwire onto a Fedora system.

Description of tripwire “Open Source Tripwire software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems”

  1. Install Tripwire

    Install tripwire from the yum repositories.

    [root@server ~]# yum install tripwire

  2. Backup Original Configuration

    Backup original Tripwire configuration files before we make any changes.

    [root@server ~]# mkdir /home/user/tripwire_backup
[root@server ~]# cp /etc/tripwire/twcfg.txt /home/user/tripwire_backup/twcfg.txt
[root@server ~]# cp /etc/tripwire/twpol.txt /home/user/tripwire_backup/twpol.txt

  3. Directory Checking

    Set Loose Directory Checking to true.

    [root@server ~]# vi /etc/tripwire/twcfg.txt

    Change

    LOOSEDIRECTORYCHECKING =false

    to

    LOOSEDIRECTORYCHECKING =true

  4. Create Keys

    Create the keys for securing Tripwire.

    [root@server ~]# /usr/sbin/tripwire-setup-keyfiles
    ----------------------------------------------
The Tripwire site and local passphrases are used to sign a  variety  of
files, such as the configuration, policy, and database files.
 
Passphrases should be at least 8 characters in length and contain  both
letters and numbers.
 
See the Tripwire manual for more information.
 
----------------------------------------------
Creating key files…
 
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
 
Enter the site keyfile passphrase: <***secret-site-password***>
Verify the site keyfile passphrase: <***secret-site-password***>
Generating key (this may take several minutes)…Key generation complete.
 
(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)
 
Enter the local keyfile passphrase: <***secret-local-password***>
Verify the local keyfile passphrase: <***secret-local-password***>
Generating key (this may take several minutes)…Key generation complete.
 
----------------------------------------------
Signing configuration file…
Please enter your site passphrase: <***secret-site-password***>
Wrote configuration file: /etc/tripwire/tw.cfg
 
A clear-text version of the Tripwire configuration file:
/etc/tripwire/twcfg.txt
has been preserved for your inspection.  It  is  recommended  that  you
move this file to a secure location and/or encrypt it in place (using a
tool such as GPG, for example) after you have examined it.
 
----------------------------------------------
Signing policy file…
Please enter your site passphrase: <***secret-site-password***>
Wrote policy file: /etc/tripwire/tw.pol
 
A clear-text version of the Tripwire policy file:
/etc/tripwire/twpol.txt
has been preserved for  your  inspection.  This  implements  a  minimal
policy, intended only to test  essential  Tripwire  functionality.  You
should edit the policy file to  describe  your  system,  and  then  use
twadmin to generate a new signed copy of the Tripwire policy.
 
Once you have a satisfactory Tripwire policy file, you should move  the
clear-text version to a secure location  and/or  encrypt  it  in  place
(using a tool such as GPG, for example).
 
Now run "tripwire --init" to enter Database Initialization  Mode.  This
reads the policy file, generates a database based on its contents,  and
then cryptographically signs the resulting  database.  Options  can  be
entered on the command line to specify which policy, configuration, and
key files are used  to  create  the  database.  The  filename  for  the
database can be specified as well. If no  options  are  specified,  the
default values from the current configuration file are used.

  5. Initialise DB

    Initialize the Tripwire database. (A list of errors will be displayed these will be fixed later on)

    [root@server ~]# tripwire --init
    Please enter your local passphrase: <***secret-site-password***>
Parsing policy file: /etc/tripwire/tw.pol
Generating the database…
*** Processing Unix File System ***
### Warning: File system error.
### Filename: /dev/kmem
### No such file or directory
### Continuing…
### Warning: File system error.
### Filename: /proc/ksyms
### No such file or directory
### Continuing…
### Warning: File system error.
### Filename: /dev/initctl
### No such file or directory
### Continuing…
Wrote database file: /var/lib/tripwire/server.twd
The database was successfully generated.

  6. Fix Errors

    Fix the Tripwire database errors.

    Create a folder for the update process and change into that directory.

    [root@server ~]# mkdir /home/user/tripwire_update
[root@server ~]# cd /home/user/tripwire_update

    This command will get all of the files that are causing problems because they dont exist and add them to a file which we will use to edit the policy file.

    [root@server ~]# tripwire --check | grep "Filename:" | awk {'print $2'} >> ./tripwire_errors

    Copy the policy file

    [root@server ~]# cp /etc/tripwire/twpol.txt /home/user/tripwire_update/twpol.txt

    Create the script that will automatically fix the errors listed in the tripwire_errors file created earlier and comment out the specific lines in the tripwire policy file.

    [root@server ~]# vi ./tripwire_fix_script.sh
    #!/bin/sh
 
    TWERR="./tripwire_errors"
    TWPOL="./twpol.txt"
 
    export IFS=$'\n'
    for i in $(cat $TWERR);
    do
        if grep $i $TWPOL
        then
            sed -i "s!$i!# $i!g" $TWPOL
        fi
    done

    Run the script.

    [root@server ~]# sh ./tripwire_fix_script.sh

    Now copy the update policy file back to the original location.

    [root@server ~]# cp /home/user/tripwire_update/twpol.txt /etc/tripwire/twpol.txt

    Update the tripwire database from the tripwire policy we have created.

    [root@server ~]# tripwire --update-policy -Z low /etc/tripwire/twpol.txt
    Parsing policy file: /etc/tripwire/twpol.txt
Please enter your local passphrase: <***secret-local-password***>
Please enter your site passphrase: <***secret-site-password***>
======== Policy Update: Processing section Unix File System.
======== Step 1: Gathering information for the new policy.
======== Step 2: Updating the database with new objects.
======== Step 3: Pruning unneeded objects from the database.
Wrote policy file: /etc/tripwire/tw.pol
Wrote database file: /var/lib/tripwire/server.twd

    Run a tripwire check.

    [root@server ~]# tripwire --check
    Parsing policy file: /etc/tripwire/tw.pol
*** Processing Unix File System ***
Performing integrity check…
Wrote report file: /var/lib/tripwire/report/server-20090818-131022.twr
 
Open Source Tripwire® 2.4.1 Integrity Check Report
 
Report generated by:          root
Report created on:            Tue 18 Aug 2009 13:10:22 BST
Database last updated on:     Tue 18 Aug 2009 13:08:30 BST
 
===============================================================================
Report Summary:
===============================================================================
 
Host name:                    server
Host IP address:              127.0.0.1
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/server.twd
Command line used:            tripwire --check
 
===============================================================================
Rule Summary:
===============================================================================
 
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
 
Rule Name                       Severity Level    Added    Removed  Modified
---------                       --------------    -----    -------  --------
Invariant Directories           66                0        0        0
Temporary directories           33                0        0        0
* Tripwire Data Files             100               0        0        1
Critical devices                100               0        0        0
User binaries                   66                0        0        0
Tripwire Binaries               100               0        0        0
Libraries                       66                0        0        0
File System and Disk Administraton Programs
100               0        0        0
Kernel Administration Programs  100               0        0        0
Networking Programs             100               0        0        0
System Administration Programs  100               0        0        0
Hardware and Device Control Programs
100               0        0        0
System Information Programs     100               0        0        0
Application Information Programs
100               0        0        0
(/sbin/rtmon)
Shell Related Programs          100               0        0        0
Operating System Utilities      100               0        0        0
Critical Utility Sym-Links      100               0        0        0
Shell Binaries                  100               0        0        0
Critical system boot files      100               0        0        0
System boot changes             100               0        0        0
OS executables and libraries    100               0        0        0
Critical configuration files    100               0        0        0
Security Control                100               0        0        0
Login Scripts                   100               0        0        0
Root config files               100               0        0        0
 
Total objects scanned:  14663
Total violations found:  1
 
===============================================================================
Object Summary:
===============================================================================
 
-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------
Rule Name: Tripwire Data Files (/etc/tripwire/tw.pol)
Severity Level: 100
-------------------------------------------------------------------------------
 
Modified:
"/etc/tripwire/tw.pol"
 
===============================================================================
Error Report:
===============================================================================
 
No Errors
 
-------------------------------------------------------------------------------
*** End of report ***
 
Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.

  7. Run a check

    [root@server ~]# /etc/cron.daily/tripwire-check

  8. Update (Again)

    Update again to fix the error that will be displayed because we have updated the policy file. Change YYYYMMDD & HHMMSS to the date and time that you ran the first check. To find the latest one just do an ls-la on /var/lib/tripwire/report/

    tripwire --update --twrfile /var/lib/tripwire/report/server-YYYMMDD-HHMMSS.twr

  9. Email Reports

    [root@server ~]# vi /etc/cron.daily/tripwire-check

    Change:

    test -f /etc/tripwire/tw.cfg &&  /usr/sbin/tripwire --check

    to

    test -f /etc/tripwire/tw.cfg &&  /usr/sbin/tripwire --check | /bin/mail -s "File Integrity Report (Tripwire) - servername" user@domain.tld

  10. Directory Checking (Revert)

    Set Loose Directory Checking to false.

    [root@server ~]# vi /etc/tripwire/twcfg.txt

    Change

    LOOSEDIRECTORYCHECKING =true

    to

    LOOSEDIRECTORYCHECKING =false

  11. Testing

    This will run the cron.daily tripwire check script and email out a report to the email address you have specified.

    [root@server ~]# /etc/cron.daily/tripwire-check

You now have a working tripwire setup, if any changes are made to your file system you will see them in the report that gets emailed out to you everyday. If you have made the changes dont forget to update, otherwise you will just see loads of errors and wont be able to tell if something is actually wrong.

August 11, 2009 0

Apache and SSL Setup

By in Apache, Linux, SSL, Tutorial

Ok this post documents how to setup Apache with SSL and either be your own singing authority or use one like Thawte

I assume that you already have apache installed.

  1. Create a Key Pair

    Create your site RSA private Key and CSR (Certificate Signing Request)

    [root@server ~]# openssl genrsa -des3 -out domain.tld.key 1024

    You will be asked to enter a pass phrase for the key, remember this as you will need it later.
    A key size of 1024 is used because it is stronger than 512. Anything over 1024 can cause problems with some browsers.

    This where you have to choose to either sign the certificate yourself or get it signed by a CA (Certification Authority)

    This next steps document how to get a certificate signed by a CA such as Thawte. If you want to sign it yourself jump to step 4.

  2. Create a CSR

    Create a CSR (Certificate Signing Request)

    [root@server ~]# openssl req -new -key domain.tld.key -out domain.tld.csr

  3. Sign the CSR (Signed by Signing Authority)

    You now have to send the generated CSR (Certificate Signing Request) to a CA (Certifying Authority) to be signed. Most CA’s will charge for this service. Once the CSR has been sent to them, using which ever method they prefer (Email, online form) they will the process it and send you a certificate back usually with a .crt extension. Once you have the domain.tld.key file and the domain.tld.crt file jump to part 5

  4. Sign the CSR (Signed by Yourself)

    [root@server ~]# openssl req -new -x509 -nodes -sha1 -days 365 -key domain.tld.key -out domain.tld.crt

  5. Configure Apache

    You now have your domain.tld.key (Key) file and your domain.tld.crt (Certificate) file. We will now need to configure Apache to use these.

  6. Install MOD_SSL

    Install mod_ssl via the yum repos.

    [root@server ~]# yum install mod_ssl

  7. Move the Key and Certificate

    Move the key and certificate. I usually create the directory “/etc/httpd/ssl” and then put my key and certificate in there.

    [root@server ~]# mkdir /etc/httpd/ssl
[root@server ~]# mv domain.tld.key /etc/httpd/ssl/domain.tld.key
[root@server ~]# mv domain.tld.crt /etc/httpd/ssl/domain.tld.crt

  8. Configure Apache (Password needed to restart Apache)

    Configure apache to use the Certificate and Key.

    [root@server ~]# vi /etc/httpd/conf.d/ssl.conf

    Configure the following paths:

    SSLCertificateFile /etc/httpd/ssl/domain.tld.crt
SSLCertificateKeyFile /etc/httpd/ssl/domain.tld.key

  9. Restart Apache

    [root@server ~]# /sbin/service httpd restart

    You will be asked to enter a passphrase to start Apache, this is the password we typed right at the start for the Key. once you have typed the correct passphrase apache will startup using SSL.

  10. Configure Apache (Password NOT needed to restart Apache)

    If you dont want to enter a passphrase to restart apache you have to remove the encryption.

    [root@server ~]# cp domain.tld.key domain.tld.key.org
[root@server ~]# openssl rsa -in domain.tld.key.org -out domain.tld.key
[root@server ~]# chmod 400 domain.tld.key

    This removes the encryption and sets the key to only be readable by root.

  11. Restart Apache

    [root@server ~]# /sbin/service httpd restart

    You shouldnt now be prompted to enter a passphrase and Apache will start.

July 24, 2009 0

Intel SS4000-E Enable SSH

By in NAS, SS4000-E, Tutorial

This explains how to enables SSH access on an Intel SS4000-E NAS (Network Attached Storage)

There is a CGI page included with your NAS that isnt documented anywhere. Luckily someone found it.

To enable SSH just navigate here: http://xxx.xxx.xxx.xxx/ssh_controlF.cgi

substitute xxx.xxx.xxx.xxx with internal IP of your NAS

When the device is rebooted, SSH will be disabled again.

June 26, 2009 0

HP SMHP Setup on Fedora

By in HP, Linux, Tutorial

I have a HP DL380 running Fedora, but the problem is I cant install the HP tools, which are really useful, they provide things from PSU monitoring to array configuration all through a nice web interface.

See this link: http://h18006.www1.hp.com/products/servers/management/agents/index.html

HP only provide this software for a few Linux Distributions such as SUSE and RHEL, which are all paid for support / update OS’s.

I have managed to get this HP software working under Fedora to provide most if not all of the functionality you would normally. I have posted the instructions I have used below.

1. Update the system and reboot if needed

[root@server ~]# yum -y update

Trick the HP software so it thinks Redhat Enterprise is installed

2. Backup the redhat-release file

[root@server ~]# cp /etc/redhat-release /home/user/redhat-release.bak

3. Edit the redhat-release file

[root@server ~]# vi /etc/redhat-release

Replace “Fedora release XX (Xxxxxxxxxxxxx)” with “Red Hat Enterprise Linux ES release 5″

4. Change the posix version

[root@server ~]# export _POSIX2_VERSION=199209

5. Download the Proliant Support Pack (PSP) from the HP website.

6. Unzip the package that you have downloaded.

7. In the directory that was created there will be a installXX.sh script, run this and follow the on screen instructions.

Note: Some of the packages failed to install because of dependencies, you can install these but I found most of them can be ignored. The packages that didn’t install for me were the hp-snmp and hp-smh-templates packages. once the RPM’s were unzipped I tried a manual install using rpm -Uvh which failed due to dependencies. After checking the dependencies, i had the packages installed but the wrong lib versions, the software needs .so.10 and i had .so.15. so i just used rpm -Uvh –nodeps, the package installed and the software just worked.

8. Move the original redhat-release file back

[root@server ~]# mv /home/user/redhat-release.bak /etc/redhat-release

All done.

Now you should be able to browse to https://you-server-name:2381 and login with your root account. (Check firewall rules)

June 22, 2009 0

HP ILO Port Numbers

By in Firewall Ports, HP

If you use HP hardware, you might be aware of ILO (Integrated Lights Out) This provides remote administration capabilities for HP hardware such as the DL series of servers.

If you want to use this software you will need to open up a few ports on the firewall in front of your server.

Port Name Default Value Port Description
Web Server Non-SSL (HTTP) 80 Web server displaying ILO page
Web Server SSL (HTTPS) 443 Web server displaying ILO page over a secure link
Virtual Media 17988 Virtual cd-rom or floppy using images / ISOs
Remote Console / telnet 23 Display for remote console
Terminal Services 3389 Connect to the ILO display over RDP
Secure Shell (SSH) 22 Connect to the ILO via SSH

Hope this helps as I know I have spent ages trying to work out why the virtual media would not work correctly, after opening up port 17988 it all worked fine.

April 20, 2009 0

Sun Virtual Box Copy Hard Disk

By in Virtualisation, Windows

Running Virtual Box on a Windows machine, I want to copy a disk rather than building a new system, so copy the drive and add it to the media manager and add it to a new VM, it will most likely say that the UUID is already in existence. So you will have to give it a new UUID:

C:\Program Files\Sun\VirtualBox>VBoxManage internalcommands setvdiuuid C:\ \disk01.vdi
Sun VirtualBox Command Line Management Interface Version 3.1.6
(C) 2005-2010 Sun Microsystems, Inc.
All rights reserved.

UUID changed to: 3abdc988-3095-4d36-8119-63ac11e7b3d8

All done.

March 25, 2009 0

Add new drive array to linux HP server

By in HP, Linux, Tutorial

This post is gonig to show you how to add a second drive array to a linux hp server. I am using a HP DL380 G3 and my current setup is 2 drives configured as a raid 1+0 set to install my OS on and now i need to use the other 4 drives to configure a raid 5 set to use as storage. The OS is installed and up and running.

Explaing naming conventions for HP Disks
/dev/cciss/c0d1

Now lets configure the array

[root@server ~]# /sbin/fdisk /dev/cciss/c0d1
 
The number of cylinders for this disk is set to 52299.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)
 
Command (m for help):

See if there are any arrays configured already

Command (m for help): p
 
Disk /dev/cciss/c0d1: 218.5 GB, 218501038080 bytes
255 heads, 32 sectors/track, 52299 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes
Disk identifier: 0x1680ee20
 
           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d1p1               1       52299   213379904    5  Extended

Delete the current partition

Command (m for help): d
Selected partition 1

Now there shouldnt be any partitions left

Command (m for help): p
 
Disk /dev/cciss/c0d1: 218.5 GB, 218501038080 bytes
255 heads, 32 sectors/track, 52299 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes
Disk identifier: 0x1680ee20
 
           Device Boot      Start         End      Blocks   Id  System

Creating a new disk

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-52299, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-52299, default 52299):
Using default value 52299

set the type

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 83

Check that everything has been done correctly

Command (m for help): p
 
Disk /dev/cciss/c0d1: 218.5 GB, 218501038080 bytes
255 heads, 32 sectors/track, 52299 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes
Disk identifier: 0x1680ee20
 
           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d1p1               1       52299   213379919+  83  Linux

write the changes

Command (m for help): w
The partition table has been altered!
 
Calling ioctl() to re-read partition table.
Syncing disks.

We now need to format the disk so that we can use it, I have chosen to use ext3.

[root@server ~]# /sbin/mkfs -t ext3 /dev/cciss/c0d1p1
mke2fs 1.41.3 (12-Oct-2008)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
13336576 inodes, 53344979 blocks
2667248 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
1628 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872
 
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
 
This filesystem will be automatically checked every 31 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

We will use the UUID (Universally Unique IDentifier) to reference the disk we have just created. To get the UUID we need to run the following command:

[root@server ~]# /lib/udev/vol_id -u /dev/cciss/c0d1p1
f5fff8af-f51f-4398-9e8f-dfb9e72ed362

Now we have to take the UUID and add it to the fstab. First create the directory you want the new storage to be mounted as, for this example I will use /storage01.

[root@server ~]# mkdir /storage01
[root@server ~]# vi /etc/fstab
 
#
# /etc/fstab
# Created by anaconda on Fri Feb 20 09:49:19 2009
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or vol_id(8) for more info
#
UUID=201df672-e84b-4495-bcdc-a76e1a5d91b8 /                       ext3    defaults        1 1
UUID=765f9b40-3f89-406c-a19a-5f4c47343a81 /boot                   ext3    defaults        1 2
UUID=f5fff8af-f51f-4398-9e8f-dfb9e72ed362 /storage01                ext3    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
UUID=cb67c89a-7888-4760-8023-78e6a5398085 swap                    swap    defaults        0 0

View the mounts

[user@server ~]$ df -kh
Filesystem            Size  Used Avail Use% Mounted on
/dev/cciss/c0d0p2      61G  1.5G   57G   3% /
/dev/cciss/c0d0p1      99M   20M   74M  22% /boot
/dev/cciss/c0d1p1     201G  188M  190G   1% /u01
tmpfs                 2.9G     0  2.9G   0% /dev/shm
March 9, 2009 0

Time Stamp in BASH History

By in Bash, Linux, Shell, Tutorial

The history command is used to display a list of all executed commands at the shell. It is a useful tool to find out what command was executed before a certain problem arose with a server. (e.g. a file is deleted, you can look through the history to see who executed the command) The problem with this is you will have to do a bit of investigation work before you can see when the command was executed.

You can look through the logins of users and work out who was logged in using the last command, but this takes a bit of time.

Wouldnt things be easier if you could have a timestamp next to the command when you execute the history command. Well you can, you just need to set one variable: HISTTIMEFORMAT.

HISTTIMEFORMAT takes format string of strftime. Check out the strftime manual to choose and construct the timestamp that suit your taste. I use “%F %T “, this outputs 2009-03-09 14:01.

Ok to illistrate how this works type

[user@server ~]$ history
    1  vi /etc/sysconfig/iptables
    2  su
    3  vi /etc/hosts
    4  ls
    5  su
    6  free -g
    7  yum search apache
    8  cat /proc/cpuinfo
    9  uname -r
   10  su

Now run this

[user@server ~]$ export HISTTIMEFORMAT="%F %T "

Now if you run the history command you get this

[user@server ~]$ history
    1  2009-03-09 16:43:20 vi /etc/sysconfig/iptables
    2  2009-03-09 16:43:20 su
    3  2009-03-09 16:43:20 vi /etc/hosts
    4  2009-03-09 16:43:20 ls
    5  2009-03-09 16:43:20 su
    6  2009-03-09 16:43:20 free -g
    7  2009-03-09 16:43:20 yum search apache
    8  2009-03-09 16:43:20 cat /proc/cpuinfo
    9  2009-03-09 16:43:20 uname -r
   10  2009-03-09 16:43:20 su

As you can see because these command were run before timestamps were stored they are all given the current date and time, after this they will be stamped correctly.

To make this permanente if you put the export into ~/.bash_profile as well as /root/.bash_profile. In case you do not have .bash_profile, you can choose to put into ~/.bashrc.

Older Posts