Question 5: Use awk to find all lines where sudo was evoked and logged in the se

Question

Question 5: Use awk to find all lines where sudo was evoked and logged in the secure log file (given as q5.txt). Then print them in a nice format as shown in the image below.Write an awk script for it or do it in the command line as:

$ awk '{ … }' q5.txt

[ksvrinor@localhost lab05]$ awk "$ans" q5.txt

cxavier used sudo on Feb 15 20:19:37 to run command: /bin/bash

kscrivnor used sudo on Feb 16 12:49:30 to run command: /bin/systemctl httpd

expomarker used sudo on Feb 16 12:49:33 to run command: /bin/systemctl status httpd

kscrivnor used sudo on Feb 16 12:49:40 to run command: /bin/systemctl start httpd

kscrivnor used sudo on Feb 22 20:17:46 to run command: /bin/cat secure

kscrivnor used sudo on Feb 22 20:18:44 to run command: /bin/cat secure

crazyuser used sudo on Feb 22 20:19:16 to run command: /bin/bash

[kscrivnor@localhost lab05]$

Explanation / Answer

since i don't know the format of how log is stored in q5.txt

I am assuming the format as

username date command..for eg

crazyuser Feb 22 20:19:16  /bin/bash

kscrivnor Feb 22 20:17:46 sudo /bin/systemctl start httpd etc

awk '/sudo/ { col = ""; for (i = 7; i <= NF; i++) col = col $i " "; print $1" used sudo on "$2 $3 $4" to run command : " $6 " " s }' q5.txt

arguments like $1 , $2 are columns in the file as the default delimiter in space number of words in a line becomes the number of columns .. further $5 is skipped as sudo was not printed.

Related Questions

Navigate

• Browse (All)
• Browse Q
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.