sudosh | helpful for audits – where sudo rights are given to users

sudosh is a filter and can be used as a login shell. sudosh takes advantage of pty devices in order to sit between the user’s keyboard and a program, in this case a shell.

sudosh was designed specifically to be used in conjunction with sudo or by itself as a login shell. sudosh allows the execution of a root or user shell with logging. Every command the user types within the root shell is logged as well as the output.

This is different from “sudo -s” or “sudo /bin/sh”: when you start a new shell with one of these (or a similar method) instead of sudosh, the commands typed in that shell are not logged to syslog; only the fact that a new shell started is logged.
If the newly started shell supports command-line history, you can still find the commands called in the shell in a file such as .sh_history, but if you use a shell such as csh that does not support command-line logging you are out of luck.
sudosh fills this gap. No matter what shell you use, all of the command lines are logged to syslog (including vi keystrokes).

sudosh records all keystrokes and output and can play back the session just like a VCR using sudosh-replay.

Replacing same text in multiple files

If you have text you want to replace in multiple locations, there are several ways to do this. To replace the text Windows with Linux in all files in current directory called test[something] you can run this:

perl -i -pe 's/Windows/Linux/;' test*

To replace the text Windows with Linux in all text files in current directory and down you can run this:

find . -name '*.txt' -print | xargs perl -pi -e 's/Windows/Linux/ig'

Or if you prefer this will also work, but only on regular files:

find -type f -name '*.txt' -print0 | xargs --null perl -pi -e 's/Windows/Linux/'

You can also use "sed":

sed -i 's/piyushk/piyush/g' file_name

To find process start date & time

Get the process pid using ‘ps’ and read off the timestamp of the corresponding subdirectory in /proc.

example :

# pgrep java
# ls -ld /proc/16949
dr-xr-xr-x 5 root root 0 Mar  3 12:02 /proc/16949

Or, more neatly formatted, like below 🙂

# ps -ef | grep java | grep 'bootstrap.jar' | awk '{print $2}' | tail -1 | xargs -I{} stat /proc/{} | grep Change: | awk -F' ' '{split($3,a,"."); print $2,a[1]}'

2009-03-03 12:02:25
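
An added example (not from the original post) that derives the start time from the starttime field of /proc/PID/stat plus btime in /proc/stat, so it does not depend on when the /proc entry itself was created. The function names and the optional proc-root argument are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# proc_start_epoch PID [PROCROOT] -> prints the start time in epoch seconds.
# PROCROOT defaults to /proc; it is a parameter only so the function can be
# exercised against constructed sample files (hypothetical helper).
proc_start_epoch() {
    pid=$1
    root=${2:-/proc}
    [ -r "$root/$pid/stat" ] || return 1

    # Field 2 (comm) is wrapped in parentheses and may itself contain spaces
    # or ')' characters, so drop everything up to the LAST ") " on the line.
    rest=$(sed 's/^.*) //' "$root/$pid/stat") || return 1

    # rest now begins at field 3 (state). starttime is field 22 overall,
    # i.e. the 20th field of rest, counted in clock ticks since boot.
    ticks=$(printf '%s\n' "$rest" | awk '{print $20}')
    case $ticks in ''|*[!0-9]*) return 1 ;; esac

    # btime in /proc/stat is the boot time in epoch seconds.
    btime=$(awk '$1 == "btime" {print $2}' "$root/stat")
    case $btime in ''|*[!0-9]*) return 1 ;; esac

    hz=$(getconf CLK_TCK)
    echo $(( btime + ticks / hz ))
}

# Constructed sample data (not real output): a fake proc tree holding one
# process whose name contains spaces and parentheses.
make_sample_proc() {
    mkdir -p "$1/4242"
    echo "btime 1236081600" > "$1/stat"
    printf '%s\n' "4242 (my (odd) proc) S 1 4242 4242 0 -1 4194304 100 0 0 0 5 3 0 0 20 0 1 0 12000 1000000 200 18446744073709551615" > "$1/4242/stat"
}

# Stand-alone use: ./script.sh PID
if [ $# -gt 0 ]; then
    proc_start_epoch "$1"
fi
```

The epoch value can be turned into a readable timestamp with GNU date, for example date -d @EPOCH.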