shell_history

by | posted: October 12, 2018 0 Comment
Name: shell_history
Retrieves the command history, per user, by parsing the shell history files.: Identify actions taken. Useful for compromised hosts.

Query: 
select * from users join shell_history using (uid);
Additional Query Info:
Version: 1.4.5
Platform: posix
Interval: 86400

JSON: 
{
  "queries": {
    "shell_history": {
      "query" : "select * from users join shell_history using (uid);",
      "interval" : "86400",
      "platform" : "posix",
      "version": "1.4.5",
      "description" : "Retrieves the command history, per user, by parsing the shell history files.",
      "value" : "Identify actions taken. Useful for compromised hosts."
    }
  }
}
OSquery

admin

View all posts by admin »»

Recent Posts

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com