apt-history script

This morning I got a message from one of the servers I manage about a possible infection. Rkhunter wanted me to check this machine for infection, so I ran it on the server and got a warning about the /usr/bin/sudo file.

Then my desktop prompted me for updates and I noticed there was an update for the sudo package, this was a clue that the server might just have performed an automatic update.

I could have checked the log files but I was wondering if there was an easier way, then I found this script and life was simple.

function apt-history(){
      case "$1" in
        install)
              cat /var/log/dpkg.log | grep 'install '
              ;;
        upgrade|remove)
              cat /var/log/dpkg.log | grep $1
              ;;
        rollback)
              cat /var/log/dpkg.log | grep upgrade | \
                  grep "$2" -A10000000 | \
                  grep "$3" -B10000000 | \
                  awk '{print $4"="$5}'
              ;;
        *)
              cat /var/log/dpkg.log
              ;;
      esac
}

Install it in /root/.bashrc and just change to root and type:

apt-history upgrade
2012-05-17 06:41:53 upgrade sudo 1.7.2p1-1ubuntu5.3 1.7.2p1-1ubuntu5.4




http://linuxcommando.blogspot.ca/2008/08/how-to-show-apt-log-history.html

Popular Posts