Linux Bash Operational Log audit (single server)

At present, the company has several machines more important, need to record all the user's operation, so that is the reference material to complete

1. vim/etc/profile.d/oplogrc.sh

logdir=/opt/oploguserdir= $logdir/${logname}dt= ' date + '%y%m%d ' ' export histfile= '/$userdir/history. $DT "Export histtimeformat= "%F%T:" Export histsize=128export histfilesize=8192export prompt_command= "history-a" if [!-D $logdir]; Then    mkdir-p $logdir    chmod 777 $logdirfiif [!-D $userdir];then    mkdir-p $userdir    chmod $userdirfis Hopt-s histappendreadonly histfilereadonly histtimeformatreadonly histsizereadonly HISTFILESIZEreadonly PROMPT_ Commandreadonly histcmdreadonly Histcontrol

The file defines the directory where the history is recorded, and sets these environment variables to read-only

2. vim/opt/shells/optlogcron.sh

logdir=/opt/oploguserdir=$ (LS $logdir) dt= ' date + "%y%m%d" ' for user $userdir;d o    hisfile= "$logdir/$user/history . $DT "    if [!-F $hisfile];then        touch $hisfile        chown $user: $user $hisfile        chmod $hisfile        chattr + A $hisfile    else        lsattr $hisfile | awk ' {print '} ' | grep-v "a" &>/dev/null && chmod $HISFI Le && chattr +a $hisfile    fi    find-type f-size 0-mtime +1-exec chattr-a {} \;    Find. -type f-size 0-mtime +1-exec rm-f {} \;d one

o The main purpose of the file is to let the log file with special permissions to prevent deletion, clear a day before the empty log.

3. Crontab-e

*/1 * * * */opt/shells/oplogcron.sh &>/dev/null

Execute every minute.

Linux Bash Operational Log audit (single server)