Logging wget commands is a simple process. Remember that you will have to set permissions on the binaries as well as the directory; you don't want people looking to see what the new file is called. Generally, this is an excellent way to pick up problems, because most attacks nowadays are automated and do not include such checks.
This simple but useful script works as follows: first you move the wget binary to a new file name; for extra security you can even move it to a completely different directory. Remember that the wget path differs from distro to distro; find it by typing `whereis wget`.
Now let's move our wget to a new name; for this example I chose ekigrowbwo. On my distro, wget is located at /usr/bin/wget.
To move it we use the mv command; for more information on this command, read the man page with `man mv`.
mv /usr/bin/wget /usr/bin/ekigrowbwo
This renames wget to /usr/bin/ekigrowbwo. Now all we have to do is create our own wget script, so open it up with nano:
nano /usr/bin/wget
Now place this simple script inside:
#!/bin/bash
# Record who ran wget, when, with which arguments, and from which directory
ME=$(whoami)
TIME=$(date)
DIR=$(pwd)
echo "$TIME - $ME - $* - >> $DIR" >> /usr/bin/wget.log
# Hand every argument, not just the first, to the renamed binary
/usr/bin/ekigrowbwo "$@"
Then save and exit (Ctrl+X).
Now you should have a simple script in place of your wget binary. Next create the log file; the script logs to /usr/bin/wget.log, so just create that with the touch command.
touch /usr/bin/wget.log
That's it, you're all done: you have now created a simple yet effective wget logging script. Test it by typing `wget http://www.google.com`, then `cat /usr/bin/wget.log`; you should see what was downloaded, when, where and by whom.
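Once the log starts filling up, someone has to read it. The following is an added example, not part of the original write-up: a shell function that reads lines in the format the wrapper writes and flags downloads run by service accounts or from temporary directories. The account names, the directory list and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the wrapper's log for downloads worth a second look.
# Line format written by the wrapper: "<date> - <user> - <wget args> - >> <cwd>"
# Assumed watch lists; adjust the account names and directories for your hosts.
SUSPECT_USERS="www-data apache nginx nobody"
SUSPECT_DIRS="/tmp /var/tmp /dev/shm"

# Reads log lines from the files given as arguments (or stdin) and prints
# "reason|user|cwd|args" for each entry that matches a watch list.
flag_wget_log() {
    awk -F' - ' -v users="$SUSPECT_USERS" -v dirs="$SUSPECT_DIRS" '
    BEGIN {
        n = split(users, u, " "); for (i = 1; i <= n; i++) svc[u[i]] = 1
        m = split(dirs, d, " ")
    }
    NF < 4 { next }    # not a wrapper line
    {
        user = $2
        cwd = $NF; sub(/^>> /, "", cwd)
        args = $3      # rejoin in case the arguments themselves contained " - "
        for (i = 4; i < NF; i++) args = args " - " $i
        reason = (user in svc) ? "service-account" : ""
        for (i = 1; i <= m; i++)
            if (cwd == d[i] || index(cwd, d[i] "/") == 1) {
                reason = (reason == "") ? "temp-dir" : reason "+temp-dir"
                break
            }
        if (reason != "") print reason "|" user "|" cwd "|" args
    }' "$@"
}

# Constructed sample log lines (not real data).
sample_log() {
    cat <<'EOF'
Mon Jan  6 14:02:11 UTC 2025 - alice - http://www.google.com - >> /home/alice
Mon Jan  6 14:09:40 UTC 2025 - www-data - -q -O a.sh http://203.0.113.5/a.sh - >> /tmp
Mon Jan  6 15:30:02 UTC 2025 - bob - http://example.com/a.tgz - >> /var/tmp/build
EOF
}

sample_log | flag_wget_log
```

Run it against the real log with `flag_wget_log /usr/bin/wget.log`.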
I hope this helps you.