[clug] logging "rm" usage

Steven Hanley sjh at wibble.net
Thu Jul 10 11:51:59 EST 2003


On Thu, Jul 10, 2003 at 11:39:48AM +1000, Rousak, Boris wrote:
> 
> Thanks to all who replied to this issue. Having had a look at the c hooks
> into the OS that are required i think this really is overkill for my
> purposes (which are: simple auditing). Also this has to be easily portable
> to Tru64 which the c code isn't (as i am a novice in c :) ). Opting for a
> second option of simple script substitution and also command aliasing the
> following did the job:
> alias rm='echo $(date --iso-8601=seconds) $(whoami) >> /tmp/logname &&
> /bin/rm $1'

hmm, that alias will only work in csh (variants) and some others, not in
bash, bash does not handle arguments to aliases. Also the alias you have
does not log the filename they removed, seems an interesting audit, you know
who they are and when they removed something, but not what they removed.

If you want something that does not depend on the shell to work correctly I
suggest a shell script called something like /usr/local/bin/log_rm and have
the alias instead be

alias rm=/usr/local/bin/log_rm

This means the shell script can have arguments irrelevant of the calling
shell, it can also be more complex later on if need be (such as logging the
name of the deleted file).

	See You
	    Steve

-- 
sjh at wibble.net http://svana.org/sjh
You are subtle as a window pane standing in my view
but I will wait for it to rain so that I can see you
   Anticipate - Ani



More information about the linux mailing list