First, view and manage the currently logged in user
1. Use the W command to view the process information that the logged-on user is using,and the W command to display the names of the users who have logged in to the system and what they are doing. The information used by this command originates from the/var/run/utmp file. The information for the W command output includes:
- User name
- User's machine name or TTY number
- Remote Host Address
- Time the user logged on to the system
- Idle time (little effect)
- The time taken to attach to the TTY (terminal) process (jcpu time)
- Time spent by current process (pcpu time)
- Commands that the user is currently using
W23:04:27 up (7:51), 3 users, load average:0.04, 0.06, 0.02USER TTY from [ Email protected] IDLE jcpu PCPU whatramesh pts/0 10.1.80.56 22:57 8.00s 0.05s 0.01s Sshd:ramesh [Priv]jason pts/1 10.20.48 23:01 2:53 0.01s 0.01s- Bashjohn pts/2 10.1.80.7 23:04 0.00s 0.00s 0.00s W
In addition, you can use who am I to view the users and processes using the command, using who to view all logged-in user process information, these viewing commands are similar;
2. Use Pkill to force the user to log out
Using Pkill can end the process of the currently logged on user, thereby forcing the user to log out, the use can be combined with the W command;
First: Use W to view the currently logged on user, and note the login process terminal number shown in the TTY
Second: User login with pkill–9-t pts/1 end PTS/1 process (can be judged by the IP address or host number of the From)
Second, view the operation history of all logged-in users
In the Linux system environment, whether it is the root user or other users only after logging on the system with the access to the operation we can see history through the command, but if a server many people landing, one day because someone mistakenly operation deleted the important data. It doesn't make sense to look at the history (Command: Historical) at this time (because history is only valid for the logged-on user, even if the root user does not have access to other user histotry histories). Is there any way to achieve history by logging the IP address and a user name after login? Answer: Yes.
This can be achieved by adding the following code to the/etc/profile:
ps1="' whoami ' @ ' hostname ': '[$PWD] '
History
user_ip= ' who-u am I 2>/dev/' s/[()]//g '
"" ]
Then
User_ip= ' hostname '
Fi
if [!-d/tmp/dbasky]
Then
Mkdir/tmp/dbasky
chmod 777/tmp/dbasky
Fi
if [!-d/tmp/dbasky/${logname}]
Then
Mkdir/tmp/dbasky/${logname}
chmod 300/tmp/dbasky/${logname}
Fi
Export histsize=4096
"+%y-%m-%d_%h:%m:%s" '
Export histfile="/tmp/dbasky/${logname}/${user_ip} Dbasky. $DT"
chmod 600/tmp/dbasky/${logname}/*dbasky* 2>/dev/null
Source/etc/profile use script to take effect
Quit user, sign in again
The above script in the system's/TMP to create a new Dbasky directory, logging all logged on the system users and IP address (file name), each time the user login/exit will create the corresponding file, which saves the user login period of operation history, you can use this method to monitor the security of the system.
[email protected] : [/tmp/dbasky/root]cat 10.1.80.47 dbasky.2013-10-24_12:53:08
last command to view the history of the system at any time (user information that has used the system) the
Last command can be used to display the history of a particular user's login system. If no parameters are specified, the history information for all users is displayed. By default, this information (the information displayed) is derived from the/var/log/wtmp file. The output of the command contains the following columns of information:
User name
TTY device number
History logon time date
Logout time date
Total working time
code example: last Jason
Jason Pts/0 dev-db-server Fri Mar 22:57 still logged in
Jason Pts/0 dev-db-server Fri Mar 27 22:09-22:54 (00:45)
Jason Pts/0 dev-db-server Wed Mar 25 19:58-22:26 (02:28)
Jason Pts/1 dev-db-server Mon Mar 16 20:10-21:44 (01:33)
Jason Pts/0 192.168.201.11 Fri Mar 13 08:35-16:46 (08:11)
Jason Pts/1 192.168.201.12 Thu Mar 12 09:03-09:19 (00:15)
Jason Pts/0 dev-db-server Wed Mar 11 20:11-20:50 (00:39
View/Manage current logged in user and user action history under Linux