At present, the company has several machines more important, need to record all the user's operation, so that is the reference material to complete
1. vim/etc/profile.d/oplogrc.sh
logdir=/opt/oploguserdir= $logdir/${logname}dt= ' date + '%y%m%d ' ' export histfile= '/$userdir/history. $DT "Export histtimeformat= "%F%T:" Export histsize=128export histfilesize=8192export prompt_command= "history-a" if [!-D $logdir]; Then mkdir-p $logdir chmod 777 $logdirfiif [!-D $userdir];then mkdir-p $userdir chmod $userdirfis Hopt-s histappendreadonly histfilereadonly histtimeformatreadonly histsizereadonly HISTFILESIZEreadonly PROMPT_ Commandreadonly histcmdreadonly Histcontrol
The file defines the directory where the history is recorded, and sets these environment variables to read-only
2. vim/opt/shells/optlogcron.sh
logdir=/opt/oploguserdir=$ (LS $logdir) dt= ' date + "%y%m%d" ' for user $userdir;d o hisfile= "$logdir/$user/history . $DT " if [!-F $hisfile];then touch $hisfile chown $user: $user $hisfile chmod $hisfile chattr + A $hisfile else lsattr $hisfile | awk ' {print '} ' | grep-v "a" &>/dev/null && chmod $HISFI Le && chattr +a $hisfile fi find-type f-size 0-mtime +1-exec chattr-a {} \; Find. -type f-size 0-mtime +1-exec rm-f {} \;d one
o The main purpose of the file is to let the log file with special permissions to prevent deletion, clear a day before the empty log.
3. Crontab-e
*/1 * * * */opt/shells/oplogcron.sh &>/dev/null
Execute every minute.
Linux Bash Operational Log audit (single server)