[Box-Admins] A bit of admin-fu: our policy about logging admin activity

Ken Causey ken at kencausey.com
Tue Oct 2 16:15:19 UTC 2012 

For those who are new and even as I reminder for those of us who are old
and now have poor memories:

Way back we started a policy, simple but helpful, of logging in a human
readable findable way what we as admins have done on the box.  Honestly
while I think I've done pretty well about this in the past I think I
probably slipped somewhat in the last few years.

Anyway, while I'm not sure if I'm supposed to or not, I'm starting out
on the assumption that I am free on the new box3-squeak to do what I
think needs to be done and begin to form (and reform) policy.  This is
all of course open to discussion.

So I think we should continue this tradition on the new box and am just
demonstrating here how I'm starting out.  This is not identical to how
we have done it on the old box but it's always been intended as a best
effort low friction solution.  I thought I would demonstrate what I have
done today to edify those with few *nix skills (yes, I know,
grandiose...) and showing the format I'm going with right now.  In the
long run it's probably more useful to use a simple text editor like nano
to add entries to the log than what I show below, but I thought I would
demonstrate how you could manage if you can't find an editor.  In short
I updated the apt databases and installed all package upgrades currently
available then installed the lvm2 package to investigate the disk space
issue.

root at box3-squeak:~# echo "20121002 Ken: apt-get update ; apt-get upgrade
Results (from log):
" > admin-log.txt

# Note that this is all one command line because when I hit the enter
key before closing
# the quoted string it knew to treat it as a continuation with a
linefeed inserted.  Also
# note that here I'm initially creating the file so I use the single '>'
to write to the
# file from the beginning, creating the file if necessary.  Note below
and from this point
# forward I use '>>' to append to the file.  Obviously this is rather
dangerous because
# with one missed character ('>' rather than '>>') you can completely
obliterate the log,
# and in fact I did just that myself but luckily I had the entire log
history in my command
# line history and it was easy to fix.  This is less of a problem if you
are using a proper
# text editor.  We might want to consider putting this and other
relevant files under a VCS
# like git.  Further this policy may need some rethinking now that we
plan for everyone
# to use their own account and utilize sudo.

root at box3-squeak:~# cat /var/log/apt/history.log >> admin-log.txt

# I could get away with the above (copying the entire log file into our
log) because I
# looked at it and found that my actions had effectively created the log
and it had no
# other content as of yet.

root at box3-squeak:~# echo "
20121002 Ken: apt-get install lmv2
Results (from log):" >> admin-log.txt

root at box3-squeak:~# tail -5 /var/log/apt/history.log >> admin-log.txt

# Where did the magic number 5 come from above?  Well I looked at the
end of the log file
# and manually counted the lines which was easy in this case.  Note that
the 5th line from
# the bottom of the file was a blank line, I copied that just as an easy
way to add a blank
# line above the newly added content.  Let me reiterate: this is just an
example and there
# are many ways to update the log file, most of which are better. 
Further including the
# content from the apt/history.log file is not a requirement, it was
just easy in this case.
# It would have been sufficient in the apt-get upgrade step to simply
list the packages
# that were upgraded in the process and in the install lvm2 step to list
if any other
# packages were installed to meet dependency requirements.

The result is:

root at box3-squeak:~# cat admin-log.txt
20121002 Ken: apt-get update ; apt-get upgrade
Results (from log):

Start-Date: 2012-10-02  17:37:09
Commandline: apt-get upgrade
Upgrade: libc6-xen:i386 (2.11.3-2, 2.11.3-4), libkrb5-3:i386
(1.8.3+dfsg-4squeeze5, 1.8.3+dfsg-4squeeze6), libc-bin:i386 (2.11.3-2,
2.11.3-4), libkrb5support0:i386 (1.8.3+dfsg-4squeeze5,
1.8.3+dfsg-4squeeze6), base-files:i386 (6.0squeeze4, 6.0squeeze6),
bind9-host:i386 (9.7.3.dfsg-1~squeeze4, 9.7.3.dfsg-1~squeeze7),
procps:i386 (3.2.8-9, 3.2.8-9squeeze1), dhcp3-client:i386
(4.1.1-P1-15+squeeze3, 4.1.1-P1-15+squeeze8),
gandi-hosting-agent-plugins-internal-unix:i386 (1.1-r6226, 1.1-r6503),
libdns69:i386 (9.7.3.dfsg-1~squeeze4, 9.7.3.dfsg-1~squeeze7),
libxslt1.1:i386 (1.1.26-6, 1.1.26-6+squeeze1), python-minimal:i386
(2.6.6-3+squeeze6, 2.6.6-3+squeeze7), libisccc60:i386
(9.7.3.dfsg-1~squeeze4, 9.7.3.dfsg-1~squeeze7), libexpat1:i386 (2.0.1-7,
2.0.1-7+squeeze1), libk5crypto3:i386 (1.8.3+dfsg-4squeeze5,
1.8.3+dfsg-4squeeze6), isc-dhcp-client:i386 (4.1.1-P1-15+squeeze3,
4.1.1-P1-15+squeeze8), openssh-client:i386 (5.5p1-6+squeeze1,
5.5p1-6+squeeze2), locales:i386 (2.11.3-2, 2.11.3-4), liblwres60:i386
(9.7.3.dfsg-1~squeeze4, 9.7.3.dfsg-1~squeeze7), gandi-hosting-agent:i386
(1.1-r5768, 1.1-r6503), python:i386 (2.6.6-3+squeeze6,
2.6.6-3+squeeze7), dpkg:i386 (1.15.8.12, 1.15.8.13), libxml2:i386
(2.7.8.dfsg-2+squeeze2, 2.7.8.dfsg-2+squeeze5), libbind9-60:i386
(9.7.3.dfsg-1~squeeze4, 9.7.3.dfsg-1~squeeze7), gandi-hosting-vm:i386
(1.0.0-r6230, 1.0.0-r7135), isc-dhcp-common:i386 (4.1.1-P1-15+squeeze3,
4.1.1-P1-15+squeeze8), file:i386 (5.04-5, 5.04-5+squeeze2),
debian-archive-keyring:i386 (2010.08.28, 2010.08.28+squeeze1),
sysvinit-utils:i386 (2.88dsf-13.1, 2.88dsf-13.1+squeeze1),
libisccfg62:i386 (9.7.3.dfsg-1~squeeze4, 9.7.3.dfsg-1~squeeze7),
tzdata:i386 (2011n-0squeeze1, 2012c-0squeeze1), libssl0.9.8:i386
(0.9.8o-4squeeze7, 0.9.8o-4squeeze13), openssl:i386 (0.9.8o-4squeeze7,
0.9.8o-4squeeze13), libgssapi-krb5-2:i386 (1.8.3+dfsg-4squeeze5,
1.8.3+dfsg-4squeeze6), sysv-rc:i386 (2.88dsf-13.1,
2.88dsf-13.1+squeeze1), libisc62:i386 (9.7.3.dfsg-1~squeeze4,
9.7.3.dfsg-1~squeeze7), libc6:i386 (2.11.3-2, 2.11.3-4),
openssh-server:i386 (5.5p1-6+squeeze1, 5.5p1-6+squeeze2),
initscripts:i386 (2.88dsf-13.1, 2.88dsf-13.1+squeeze1), sysvinit:i386
(2.88dsf-13.1, 2.88dsf-13.1+squeeze1), libmagic1:i386 (5.04-5,
5.04-5+squeeze2)
End-Date: 2012-10-02  17:37:53

20121002 Ken: apt-get install lmv2
Results (from log):

Start-Date: 2012-10-02  17:45:41
Commandline: apt-get install lvm2
Install: lvm2:i386 (2.02.66-5)
End-Date: 2012-10-02  17:45:43

Ken

More information about the Box-Admins mailing list