
On the ESXi hypervisor, if I run a command on the terminal via SSH, the command is logged in the shell.log file, i.e. if I run this command

[root@esxi04:~] ls -la

then I can see this command in shell.log file as:

<164>2023-02-22T09:34:24.337Z test_host shell[68783]: [root]: ls -la

But if I use a shell script instead, like this

#!/bin/sh
echo "Test"
ls -la
find / -name "*.log" -exec /bin/rm -rf {} \;

and run this script, the commands executed are not logged in the shell.log file.

Is there any way I can log all these commands run through a shell script as well? How can I do so?

Cool Guy
  • Why are you running shell scripts on the CLI? – Chopper3 Feb 23 '23 at 09:33
  • I am looking into something, and this scenario popped up. I need to confirm whether it logs or not and, if not, how to log them. – Cool Guy Feb 23 '23 at 09:42
  • ESXi is not a general purpose OS and shouldn't be used like one - there are APIs to achieve most if not all of your objectives, try to use it like it's supposed to be used. – Chopper3 Feb 23 '23 at 10:21
  • Well I saw a case where an attacker gained access to the ESXi and ran a malicious shell script. So, I'm trying to find the corresponding logs related to commands executed and also want to log them if not logged by default. – Cool Guy Feb 23 '23 at 11:43
  • Just ensure that your management interface is well protected by firewall, set strong passwords, keep the patching up to date and disable the CLI - then they can't get to it anyway. – Chopper3 Feb 23 '23 at 12:34

0 Answers
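The shell.log layout quoted in the question can be parsed to find the entries that launch a script, which marks where the log stops recording and the script file itself has to be collected. This is an added example, not part of the original post. It assumes the launching command is typed interactively and therefore logged like any other command; the `INTERPRETERS` list and the `.sh` suffix rule are heuristic assumptions.

```python
import re

# Layout inferred from the one shell.log line quoted in the question:
#   <PRI>timestamp host shell[pid]: [user]: command
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\S+) (?P<host>\S+) "
    r"shell\[(?P<pid>\d+)\]: \[(?P<user>[^\]]+)\]: (?P<cmd>.*)$"
)
INTERPRETERS = {"sh", "ash", "source", "."}  # assumed list, extend as needed

# First line is from the question; the other three are constructed samples.
SAMPLE_LOG = """\
<164>2023-02-22T09:34:24.337Z test_host shell[68783]: [root]: ls -la
<164>2023-02-22T09:35:02.101Z test_host shell[68783]: [root]: chmod +x /tmp/test.sh
<164>2023-02-22T09:35:10.555Z test_host shell[68783]: [root]: /tmp/test.sh
<164>2023-02-22T09:36:41.020Z test_host shell[68783]: [root]: sh -x ./test.sh
"""

def parse_line(line):
    """Split one shell.log entry into fields; None if the layout differs."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    # Syslog PRI encodes facility * 8 + severity.
    rec["facility"], rec["severity"] = divmod(int(rec.pop("pri")), 8)
    return rec

def script_target(cmd):
    """Return the script file a logged command launches, else None (heuristic)."""
    words = cmd.split()
    if not words:
        return None
    if words[0].rsplit("/", 1)[-1] in INTERPRETERS:
        args = words[1:]
        if "-c" in args:  # inline command string, already visible in the log
            return None
        return next((w for w in args if not w.startswith("-")), None)
    if words[0].startswith(("./", "/")) and words[0].endswith(".sh"):
        return words[0]
    return None

def find_script_launches(log_text):
    """List (timestamp, user, script) for logged commands that launch a script."""
    recs = filter(None, map(parse_line, log_text.splitlines()))
    return [(r["ts"], r["user"], t) for r in recs if (t := script_target(r["cmd"]))]
```

Each hit names a file whose contents shell.log does not record, so that file is what to preserve and review next.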