Intelligent solutions
in a new dimension

Logging with 'shournal'

Using the GitHub project shournal, it should be possible to log all file accesses. That would help me check every downloaded file automatically with a virus scanner. Here I describe my experience with it.

Building the package

I created a fork of shournal and built my own DEB packages from it.

Installing the package

sudo apt install shournal*deb

Configuring the user

Group

sudo adduser $USER shournalk

Start script

File $HOME/.bashrc:

--- .bashrc.orig    2023-12-24 09:41:13.133762060 +0100
+++ .bashrc  2023-12-24 09:46:27.019604883 +0100
@@ -2,6 +2,15 @@
 # see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
 # for examples

+test -s /usr/share/shournal/SOURCE_ME.bash && {
+  id|grep "shournalk" >/dev/null && {
+    HISTCONTROL=ignoredups:erasedups # NOT ALLOWED: ignorespace,ignoreboth
+    HISTSIZE=10000
+    source /usr/share/shournal/SOURCE_ME.bash
+    SHOURNAL_ENABLE
+  }
+}
+
 # If not running interactively, don't do anything
 case $- in
     *i*) ;;
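Review bot: the added block sits above the `# If not running interactively, don't do anything` check, so `SHOURNAL_ENABLE` also runs in the non-interactive shells for which bash still reads .bashrc (for example a command executed over ssh); if that is not intended, move the block below the `case $- in` test. The group test `id|grep "shournalk" >/dev/null` also matches any user or group name that merely contains `shournalk`; `id -nG | grep -qw shournalk` checks for the exact group name and makes the redirect unnecessary.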
@@ -10,13 +19,13 @@

 # don't put duplicate lines or lines starting with space in the history.
 # See bash(1) for more options
-HISTCONTROL=ignoreboth
+#HISTCONTROL=ignoreboth

 # append to the history file, don't overwrite it
 shopt -s histappend

 # for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
-HISTSIZE=
+#HISTSIZE=
 HISTFILESIZE=
 HISTTIMEFORMAT="[%F %T] "
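Review bot: commenting out `HISTCONTROL=ignoreboth` and `HISTSIZE=` leaves both unset for a user who is not in the shournalk group, so that user silently falls back to bash's defaults (duplicates kept, 500 entries) instead of the previous unlimited in-memory history, while `HISTFILESIZE=` stays unlimited. The comment `# don't put duplicate lines or lines starting with space in the history.` is also stale now, since lines starting with a space are recorded. Consider setting `HISTCONTROL=ignoredups:erasedups` and `HISTSIZE=10000` unconditionally here and keeping only `source`/`SHOURNAL_ENABLE` inside the group test.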

Recommendation according to the documentation:

+++ .bashrc 2023-12-24 09:41:32.945781058 +0100
@@ -1,6 +1,13 @@
 # ~/.bashrc: executed by bash(1) for non-login shells.
 # see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
 # for examples
+if [[ -n ${SGE_O_WORKDIR+x} || (
+     -n ${BASH_EXECUTION_STRING+x} &&
+    ( -n ${SSH_CLIENT+x} || -n ${SSH_TTY+x} )
+    ) ]]; then
+    source /usr/share/shournal/SOURCE_ME.bash
+    SHOURNAL_ENABLE
+fi

 # If not running interactively, don't do anything
 case $- in
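Review bot: the `---` header for the original file is missing above `+++ .bashrc`, so this excerpt cannot be applied with `patch` as shown. More importantly, the condition only enables shournal when `SGE_O_WORKDIR` is set (a Grid Engine job) or when bash was started with a command string (`BASH_EXECUTION_STRING`) inside an ssh session (`SSH_CLIENT` or `SSH_TTY`); an interactive desktop terminal, which the test below uses to start Chrome, matches neither branch, so this recommended block would not observe that session.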

Test

Open a terminal window and start google-chrome-stable from it. In Chrome, download "dbeaver", then quit Chrome.

Now:

$ shournal -q --history 6
cmd-id 62 $?=0 2023-12-25 09:07-09:07 $ -bash --login -c \/usr\/lib\/dptools\/bin\/_home-bin\.sh 
Working directory: /home/uli
cmd-id 66 $?=0 2023-12-25 09:09-09:10 $ google-chrome-stable  
Working directory: /home/uli
session-uuid LH8mlKI5Ee6/4be4GFd0/A== 
  2 written files:
     /home/uli/Downloads/dbeaver-ce-23.3.1-linux.gtk.x86_64-nojdk.tar.gz.crdownload (49.33 MiB) Hash: 14970860470246132306 
     /home/uli/Downloads/dbeaver-ce-23.3.1-linux.gtk.x86_64-nojdk.tar.gz.crdownload (87.49 MiB) Hash: 14057586412973804347 
  151 read files:
     /home/uli/Downloads/Linphone-5.2.0.AppImage (99.73 MiB) Hash: 10227388243102166187 id 13 
     /home/uli/Downloads/thunderbird-115.5.1.tar.bz2.urls (120 bytes) Hash: 18257325448960845778 id 15 
     /home/uli/Downloads/TheiaBlueprint-1.43.0_2023-10-30.AppImage (228.65 MiB) Hash: 2775832597748959285 id 16 
     /home/uli/Downloads/TheiaBlueprint-1.43.0_2023-10-30.AppImage.urls (138 bytes) Hash: 7166449546445835035 id 17 
     /home/uli/Downloads/betterbird-115.5.1-bb19.de.linux-x86_64.tar.bz2.urls (97 bytes) Hash: 5776123353140355089 id 18 
     /home/uli/Downloads/ideaIC-2023.3.1.tar.xz.urls (74 bytes) Hash: 2720745084275754226 id 19 
     /home/uli/Downloads/ideaIC-2023.3.1.tar.xz.ssh-sig (644 bytes) Hash: 14374992145157575518 id 20 
     /home/uli/Downloads/firefox-117.0.1.tar.bz2.urls (112 bytes) Hash: 12172286948915908929 id 21 
     /home/uli/Downloads/node-v20.10.0-linux-x64.tar.xz.urls (64 bytes) Hash: 8085153292226173835 id 22 
     /home/uli/Downloads/thunderbird-115.4.3.tar.bz2.urls (120 bytes) Hash: 9670593264044853503 id 23 
     ... and 141 more files.
cmd-id 63 $?=0 2023-12-25 09:10-09:10 $ -bash --login -c \/usr\/lib\/dptools\/bin\/dptools-add-message\.sh -q Viruscheck\ ok\ f\�\�r\ \'\/home\/uli\/Downloads\/\.com\.google\.Chrome\.OOcU5o\' 
Working directory: /home/uli
cmd-id 64 $?=0 2023-12-25 09:10-09:10 $ -bash --login -c \/usr\/lib\/dptools\/bin\/dptools-add-message\.sh -q Viruscheck\ ok\ f\�\�r\ \'\/home\/uli\/Downloads\/dbeaver-ce-23\.3\.1-linux\.gtk\.x86_64-nojdk\.tar\.gz\.crdownload\' 
Working directory: /home/uli
cmd-id 65 $?=0 2023-12-25 09:10-09:10 $ -bash --login -c \/usr\/lib\/dptools\/bin\/dptools-add-message\.sh -q Viruscheck\ ok\ f\�\�r\ \'\/home\/uli\/Downloads\/dbeaver-ce-23\.3\.1-linux\.gtk\.x86_64-nojdk\.tar\.gz\' 
Working directory: /home/uli
cmd-id 67 $?=0 2023-12-25 09:11-09:11 $ shournal -q --history 3 
Working directory: /home/uli
session-uuid LH8mlKI5Ee6/4be4GFd0/A==

One can see that "dbeaver" was downloaded. Unfortunately, the Chrome entry only shows the altered file names.
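To get from the history listing above to a list of files worth handing to a virus scanner, the text output has to be parsed. The following is an added example, not shournal's own tooling: it parses the human-readable `shournal -q --history` format exactly as it appears above (the `cmd-id` header, `Working directory`, the `N written files:` / `N read files:` sections and the per-file lines with size and hash), collects the written files under a download directory, and maps Chrome's in-progress `.crdownload` names back to the final file name. The sample input is a constructed, trimmed copy of the output shown above; the `.crdownload` / `.part` suffix handling and the `/home/uli/Downloads` directory are assumptions.

```python
import re
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Constructed sample: a trimmed copy of the `shournal -q --history` output shown on the page.
SAMPLE = """\
cmd-id 66 $?=0 2023-12-25 09:09-09:10 $ google-chrome-stable  
Working directory: /home/uli
session-uuid LH8mlKI5Ee6/4be4GFd0/A== 
  2 written files:
     /home/uli/Downloads/dbeaver-ce-23.3.1-linux.gtk.x86_64-nojdk.tar.gz.crdownload (49.33 MiB) Hash: 14970860470246132306 
     /home/uli/Downloads/dbeaver-ce-23.3.1-linux.gtk.x86_64-nojdk.tar.gz.crdownload (87.49 MiB) Hash: 14057586412973804347 
  151 read files:
     /home/uli/Downloads/Linphone-5.2.0.AppImage (99.73 MiB) Hash: 10227388243102166187 id 13 
     ... and 141 more files.
cmd-id 67 $?=0 2023-12-25 09:11-09:11 $ shournal -q --history 3 
Working directory: /home/uli
session-uuid LH8mlKI5Ee6/4be4GFd0/A==
"""

# "cmd-id <id> $?=<status> <date> <start-end> $ <command>"
CMD_RE = re.compile(r'^cmd-id (\d+) \$\?=(\d+) (\S+) (\S+) \$ (.*?)\s*$')
# "  <n> written files:" / "  <n> read files:"
SECTION_RE = re.compile(r'^\s+\d+ (written|read) files:')
# "     <path> (<size>) Hash: <hash> [id <n>]"
FILE_RE = re.compile(r'^\s+(/\S+) \(([^)]*)\) Hash: (\d+)')

# Assumption: in-progress download names used by Chrome (.crdownload) and Firefox (.part).
PARTIAL_SUFFIXES = ('.crdownload', '.part')


@dataclass
class Command:
    cmd_id: int
    exit_status: int
    command: str
    written: list = field(default_factory=list)  # (path, size, hash) tuples
    read: list = field(default_factory=list)


def parse_history(text):
    """Parse the textual shournal history into Command records."""
    commands = []
    current = None
    section = None
    for line in text.splitlines():
        m = CMD_RE.match(line)
        if m:
            current = Command(int(m.group(1)), int(m.group(2)), m.group(5))
            commands.append(current)
            section = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and current is not None and section is not None:
            entry = (m.group(1), m.group(2), m.group(3))
            (current.written if section == 'written' else current.read).append(entry)
    return commands


def final_name(path):
    """Strip a known partial-download suffix so the finished file is what gets scanned."""
    p = PurePosixPath(path)
    for suffix in PARTIAL_SUFFIXES:
        if p.name.endswith(suffix) and len(p.name) > len(suffix):
            return str(p.with_name(p.name[:-len(suffix)]))
    return str(p)


def files_to_scan(commands, download_dir):
    """Unique final paths of files written below download_dir, in first-seen order."""
    base = PurePosixPath(download_dir)
    paths = []
    for cmd in commands:
        for path, _size, _hash in cmd.written:
            if base not in PurePosixPath(path).parents:
                continue  # written somewhere else, e.g. the browser's own profile
            name = final_name(path)
            if name not in paths:
                paths.append(name)
    return paths


if __name__ == '__main__':
    for cmd in parse_history(SAMPLE):
        print(f'cmd-id {cmd.cmd_id} exit={cmd.exit_status}: {cmd.command} '
              f'({len(cmd.written)} written, {len(cmd.read)} read)')
    for path in files_to_scan(parse_history(SAMPLE), '/home/uli/Downloads'):
        print('scan:', path)
```

The resulting paths can be passed to whatever scanner is in use; the size and hash columns are kept in each record so a scan result can later be tied to the exact file version shournal saw. Parsing the human-readable listing is fragile by nature (a change in shournal's output format breaks the regular expressions), so the parser deliberately ignores lines it does not recognise instead of failing.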

Links

History

  • 2023-12-24 – First version