apt-history script
This morning I got a message from one of the servers I manage about a possible infection. Rkhunter wanted me to check this machine for infection, so I ran it on the server and got a warning about the /usr/bin/sudo file.
Then my desktop prompted me for updates and I noticed there was an update for the sudo package, this was a clue that the server might just have performed an automatic update.
I could have checked the log files but I was wondering if there was an easier way, then I found this script and life was simple.
function apt-history(){ case "$1" in install) cat /var/log/dpkg.log | grep 'install ' ;; upgrade|remove) cat /var/log/dpkg.log | grep $1 ;; rollback) cat /var/log/dpkg.log | grep upgrade | \ grep "$2" -A10000000 | \ grep "$3" -B10000000 | \ awk '{print $4"="$5}' ;; *) cat /var/log/dpkg.log ;; esac }
Install it in /root/.bashrc and just change to root and type:
apt-history upgrade
2012-05-17 06:41:53 upgrade sudo 1.7.2p1-1ubuntu5.3 1.7.2p1-1ubuntu5.4
http://linuxcommando.blogspot.ca/2008/08/how-to-show-apt-log-history.html
Comments
Post a Comment