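#!/bin/sh
# history_strings.sh - by dual
# Finds suspect strings in shell history
#
# Usage:   history_strings.sh            (must run as root)
# Reads:   $HOME/bin/strings.txt         one grep pattern per line
#          .history, .bash_history and .sh_history files under /home
# Writes:  $HOME/log/history_strings.log (appended on every run)
#
# Each pattern is passed to grep as a basic regular expression. Hits are
# logged as "Suspect string found in <file>: <pattern>".

# Verify root: the history files of other users are normally only readable
# by their owner. Compare the numeric UID rather than the account name, and
# fail with a non-zero status so cron or a wrapper can notice the error.
if [ "$(id -u)" -ne 0 ]; then
  echo ">>> $0 must run as root... exiting" >&2
  exit 1
fi

# The log records which accounts ran which flagged commands; keep anything
# this run creates readable by root only.
umask 077

# Declare
log_dir="$HOME/log"
log_file="$log_dir/history_strings.log"
strings_file="$HOME/bin/strings.txt"
today=$(date +'%F')
host=$(hostname)

# Without a pattern list the scan would find nothing and the log would look
# like a clean run, so stop loudly instead.
if [ ! -r "$strings_file" ]; then
  echo ">>> $0 cannot read $strings_file... exiting" >&2
  exit 1
fi

mkdir -p -- "$log_dir" || exit 1

# Print log header
{
  echo
  echo
  echo "************************************************************"
  echo "$today: history_strings.sh log for $host"
  echo "************************************************************"
} >> "$log_file"

# Find command history files and grep each one for notable strings.
#
# The file list is streamed through a pipe instead of being written to a
# fixed-name temp.log in the current directory: a root script that writes a
# predictable file name in a directory another user may control can be
# redirected through a symlink to overwrite an arbitrary file.
#
# -type f skips FIFOs, devices and symlinks. Everything under /home is
# user-controlled, and a root grep on a FIFO would block forever.
# NOTE(review): a history file that has been replaced by a symlink is not
# scanned here and may deserve a separate check.
#
# Paths are read one per line, so names with spaces are handled; a name that
# contains a newline is split and simply fails to open.
for name in .history .bash_history .sh_history; do
  find /home -type f -name "$name"
done |
while IFS= read -r history_file; do
  # One pattern per line. Multi-word lines stay a single pattern and are
  # never glob-expanded by the shell.
  while IFS= read -r pattern || [ -n "$pattern" ]; do
    # An empty pattern matches every line of every file; skip blank lines.
    [ -n "$pattern" ] || continue
    # -e keeps a pattern that starts with '-' from being parsed as an option,
    # and -- does the same for the file name. Read errors stay suppressed, as
    # before, so one unreadable file does not abort the scan.
    if grep -q -e "$pattern" -- "$history_file" 2>/dev/null; then
      printf 'Suspect string found in %s: %s\n' \
        "$history_file" "$pattern" >> "$log_file"
    fi
  done < "$strings_file"
done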