我有一个 Ubuntu 桌面,许多其他用户都在使用它。是否有选项或命令可以检查特定用户安装的所有软件包/应用程序。
谢谢
答案1
我写了一个解析身份验证日志的脚本。基本思想是,任何安装试图需要 sudo 和 polkit 的身份验证。
脚本不会列出安装尝试是否成功 - 仅列出用户尝试安装某些内容的事实;此功能可能会在将来添加。原因是解析困难 - 身份验证尝试会列出尝试的命令,但 apt 和 dpkg 日志实际上会列出已成功的内容,但不会提及谁安装了什么。
该脚本可以区分它是通过命令行还是 GUI 工具(使用-c
和-g
标志)完成的,以及按用户过滤(-u
标志)。
该脚本应该被管理员用作审核软件安装尝试的工具;可以通过筛选来验证安装是否成功dpkg --get-selections
该脚本也可以在 我的 github
<!-- language:bash -->
#!/usr/bin/env bash
#
###########################################################
# Author: Serg Kolo , contact: [email protected]
# Date: April 4, 2016
# Purpose: filtering installation attempts
# Written for:
# Tested on: Ubuntu 14.04 LTS
###########################################################
# Copyright: Serg Kolo , 2016
#
# Permission to use, copy, modify, and distribute this software is hereby granted
# without fee, provided that the copyright notice above and this permission statement
# appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
# DEALINGS IN THE SOFTWARE.
ARGV0="$0"
ARGC=$#
print_usage()
{
cat << EOF
Usage: list_installs.sh [-c] [-g] [-u username] [-h]
The script parses authentication logs and filters
installation attempts based on whether they've been
done through gui, command-line, or particular
user. Note that it lists all attempts at authentica-
tion for software installation. It doesn't show
whether or not the installation succeeded.
Installations done via gui tools typically use
polkit, so entries don't show exact item that
has been installed, only the tool used -
/usr/bin/software-center for example. Hence,
date-stamps still have to be cross checked with
apt history logs
Note that authentication logs (auth.log) are
rotated as outlined in /etc/logrotate.conf ,
typically every 4 weeks. This may need to be
tuned by your system's administrator to list
installs over longer periods of time
EOF
}
dump_logs()
{
find /var/log/auth.log.*.gz | sort -r -V | xargs zcat > "$1"
cat /var/log/auth.log >> "$1"
}
generate_report()
{
awk '$0~/.*apt-get.*/||/.*dpkg.*/||/.*org\.debian\.apt\.install-or-remove-packages.*/\
{print $0;print "- - -"}' "$1" > /tmp/report.tmp
mv /tmp/report.tmp "$1"
}
gui_installs()
{
awk '$0~/org\.debian\.apt\.install-or-remove-packages/\
{ printf "%s %s %s ",$1,$2,$3;\
for(i=4;i<=NF;i++){\
if($i~/unix-user/){\
printf " %s ",$i; };\
if($i~/action/){\
printf "%s\n",$(i+1); next }\
}\
}' "$1"
}
cmd_installs()
{
awk '$0~/.*apt-get.*/||/.*dpkg.*/{\
printf "%s %s %s ",$1,$2,$3 ;\
for(i=1;i<=NF;i++){\
if($i~/sudo/||/pkexec/){\
printf " %s ",$(i+1)};\
if($i~/COMMAND/){\
for(j=i;j<=NF;j++)\
printf "%s ",$j\
}\
};
printf "\n" }' "$1"
}
parse_args()
{
local OPTIND opt
# no leading : means errors reported(which is what i want)
# : after letter means options takes args, no letter - no args
while getopts "cgu:h" opt
do
case ${opt} in
c) cmd_installs "$DUMPFILE"
;;
g) gui_installs "$DUMPFILE"
;;
u) UNAME="${OPTARG}"
echo ">>> CMD INSTALLS <<<"
cmd_installs "$DUMPFILE" | grep $UNAME
echo ">>> GUI INSTALLS <<<"
gui_installs "$DUMPFILE" | grep $UNAME
;;
h) print_usage
;;
\?) echo "Invalid option: -$OPTARG" > /dev/stderr
;;
esac
done
shift $((OPTIND-1))
}
main()
{
local DUMPFILE="/tmp/auth.dump"
dump_logs "$DUMPFILE"
generate_report "$DUMPFILE"
parse_args "$@"
rm "$DUMPFILE"
}
main "$@"