#!/usr/bin/perl
# -----------------------------------------------
# Description:
# Checks the .bash_history file of every user
# for a certain command (i.e. "cat /etc/passwd" or "su -") 
# to make sure that none of your users are doing
# anything bad.. or at least leaving logs of it.. heh :)
# Scans user directories from /home
# Should be run as root unless the history files
# are world readable, which they should NOT be.
# ------------------------------------------------
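use strict;
use warnings;

# Interactive audit helper: asks for a command string, then reports every
# line in each /home/<user>/.bash_history and /home/<user>/.history that
# contains it.
#
# NOTE(review): shell history is written and controlled by the account
# being audited, so a missing hit is not evidence that the command was
# never run.

# Print one "Command found" line for each line of $path containing $needle.
# Missing files are skipped silently; symlinks and non-regular files are
# skipped with a warning.
sub scan_history_file {
    my ($path, $needle) = @_;

    # The history file lives in a directory the audited user owns. When this
    # runs as root, refuse symlinks and anything that is not a regular file,
    # so a planted link or FIFO cannot redirect or stall the scan. This is
    # best effort: a window remains between this check and the open below.
    if (-l $path) {
        warn "Skipping $path: symbolic link\n";
        return;
    }
    return unless -e _;    # reuses the lstat result from -l above
    if (!-f _) {
        warn "Skipping $path: not a regular file\n";
        return;
    }

    # Three-argument open with a lexical handle: the path is never parsed
    # for a mode or pipe character, and the handle closes when it goes out
    # of scope.
    my $fh;
    if (!open($fh, '<', $path)) {
        warn "Cannot open $path: $!\n";
        return;
    }

    while (my $line = <$fh>) {
        # Literal substring search: the operator's input is not compiled as
        # a regular expression, so characters such as "(" or "." in the
        # command cannot abort the scan or match unintended text.
        if (index($line, $needle) >= 0) {
            print "Command found in $path\n";
        }
    }
    close($fh);
    return;
}

system('clear');
print "UserCheck by bansh33 [www.r00tabega.com]\n\n";

# Read /home directly instead of parsing `ls` output; dot entries are
# skipped and names are sorted, as `ls -1` would list them.
my @userlist;
if (opendir(my $home_dh, '/home')) {
    @userlist = sort grep { !/^\./ } readdir($home_dh);
    closedir($home_dh);
}
else {
    warn "Cannot read /home: $!\n";
}

print "Enter command to search for below:\n";
my $command = <STDIN>;
$command = '' unless defined $command;    # EOF on STDIN
chomp($command);
die "No command entered; nothing to search for.\n" if $command eq '';

# Begin checking history files
foreach my $user (@userlist) {
    print "\n\nScanning user $user\n";
    print "----------------------\n";
    # Both files are scanned with the same routine. The original second loop
    # tested $hist instead of $history, so .history was never really searched.
    scan_history_file("/home/$user/.bash_history", $command);
    scan_history_file("/home/$user/.history",      $command);
}
print "\n\nDone. [www.r00tabega.com]\n";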


