Recording the command history of all Linux users by logon IP address

Source: Internet
Author: User


To review what a Linux user has done, the history command is normally used to view the command history. However, if those records have been deleted, for example after a misoperation that destroyed important data, the history command is no longer useful. How can we still keep a record of past operations? In fact, we can record the command history of every user at logon, keyed by the logon IP address. To do this, add the following script code to the end of the /etc/profile configuration file:

    [root@server ~]# cat >> /etc/profile << 'EOF'
    history
    # Name of the user who is logging in
    USER=`whoami`
    # Source address of the login session, taken from the last field of "who -u am i"
    USER_IP=`who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`
    # Local logins have no remote address, so fall back to the host name
    if [ "$USER_IP" = "" ]; then
        USER_IP=`hostname`
    fi
    if [ ! -d /tmp/history ]; then
        mkdir /tmp/history
        chmod 777 /tmp/history
    fi
    if [ ! -d /tmp/history/${LOGNAME} ]; then
        mkdir /tmp/history/${LOGNAME}
        chmod 300 /tmp/history/${LOGNAME}
    fi
    export HISTSIZE=4096
    DT=`date +"%Y-%m-%d_%H:%M:%S"`
    # One history file per login: <user>@<ip>_history.<login time>
    export HISTFILE="/tmp/history/${LOGNAME}/${USER}@${USER_IP}_history.$DT"
    chmod 600 /tmp/history/${LOGNAME}/*history* 2>/dev/null
    EOF
    [root@server ~]# source /etc/profile
    [root@server ~]# logout

The script is appended with >> so that the existing contents of /etc/profile are kept, and the heredoc delimiter is quoted ('EOF') so that the variables and backquoted commands are written to the file literally and evaluated at each logon rather than once when the file is written.

Log out of the system and log on again. The logs are recorded in the /tmp/history/ directory.
As the script above shows, a new history directory (the location can be customized) is created under /tmp, and every user and IP address that has logged on to the system is recorded in that directory. This is also one of the methods for monitoring system security. After a series of operations, go to the /tmp/history directory to view the historical records:

    [root@server ~]# cd /tmp
    [root@server tmp]# ll
    total 24
    drwx------ 2 root 4096 2012-10-11 gconfd-root
    drwxrwxrwx 3 root 4096 2012-10-11 history
    drwx------ 2 root 4096 08-11 0keyring-Ki8IOJ
    srwxr-xr-x 1 root 0 2012-10-11 mapping-root
    srw------- 1 root 0 2012-10-11 scim-panel-socket:0-root
    drwx------ 2 root 4096 2012-10-11 ssh-jPPigl3182
    drwx------ 2 root 4096 10-10 ssh-KDmPtr3350
    [root@server tmp]# cd history/
    [root@server history]# ll
    total 4
    d-wx------ 2 root 4096 10-10 root
    [root@server history]# cd root/
    [root@server root]# ll
    total 4
    -rw------- 1 root 37 10-10 root@192.168.1.96_history.2012-10-10_21:16:42
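To review these files across all users, the following added example (not part of the original article) parses the `<USER>@<USER_IP>_history.<timestamp>` names that the script produces and prints one row per login session. The function names and the users and addresses in `demo` are constructed for illustration; run it as root, because the per-user directories are mode 300.

```sh
# Added example: summarise the per-login history files written by the
# /etc/profile script. Names: <USER>@<USER_IP>_history.<YYYY-MM-DD_HH:MM:SS>

# Print "user<TAB>source<TAB>timestamp" for one file name; return 1 if the
# name does not match the pattern.
parse_history_name() (
    name=${1##*/}
    case $name in
        ?*@?*_history.?*) ;;
        *) return 1 ;;
    esac
    user=${name%%@*}
    rest=${name#*@}
    src=${rest%_history.*}      # split at the last "_history." so host names
    ts=${rest##*_history.}      # containing underscores stay intact
    case $ts in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf '%s\t%s\t%s\n' "$user" "$src" "$ts"
)

# Walk BASE/<LOGNAME>/* and print one TSV row per login session:
# logname, user, source, start time, number of recorded lines.
# Anything that does not match the pattern is reported on stderr, because
# /tmp/history is world-writable (777) and stray files deserve a look.
list_sessions() (
    base=${1:-/tmp/history}
    for f in "$base"/*/*; do
        [ -f "$f" ] || continue
        dir=${f%/*}
        fields=$(parse_history_name "$f") || {
            printf 'unexpected file: %s\n' "$f" >&2
            continue
        }
        n=$(wc -l < "$f" | tr -d ' ')
        printf '%s\t%s\t%s\n' "${dir##*/}" "$fields" "$n"
    done
)

# Constructed sample tree (hypothetical users and addresses) for a dry run.
demo() (
    t=$(mktemp -d) || return 1
    mkdir "$t/root" "$t/alice"
    printf 'ls\ncd /tmp\n' > "$t/root/root@192.168.1.96_history.2012-10-10_21:16:42"
    printf 'id\n' > "$t/alice/alice@build_host_history.2012-10-11_08:00:01"
    list_sessions "$t"
    rm -rf "$t"
)
```

After sourcing the file, `list_sessions /tmp/history` prints the rows for the live directory, and `demo` prints them for the constructed tree.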
