As computers become more common in daily life, so do attackers. For security purposes, we need to record user logins and operations: what each user does on the server after logging in, down to each command they run.
The configuration below applies to all users on a Linux host, whether they log in remotely or locally. Every command run on the machine is recorded, and a file capturing user / IP / time / command is generated in the specified location.
1. Add the following to the /etc/profile file

    ################## record information begins ####################
    # history
    export HISTTIMEFORMAT="[%Y.%m.%d %H:%M:%S]"
    # Source address of the login session, parentheses stripped
    USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
    HISTDIR=/var/log/.hist    ### log storage path
    # If no address was found, fall back to the hostname
    if [ -z "$USER_IP" ]
    then
        USER_IP=$(hostname)
    fi
    if [ ! -d "$HISTDIR" ]
    then
        mkdir -p "$HISTDIR"
        chmod 777 "$HISTDIR"    # world-writable so each user can create their own subdirectory
    fi
    if [ ! -d "$HISTDIR/${LOGNAME}" ]
    then
        mkdir -p "$HISTDIR/${LOGNAME}"
        chmod 300 "$HISTDIR/${LOGNAME}"    # owner may write and enter, but not list
    fi
    export HISTSIZE=4096
    DT=$(date +%Y%m%d_%H%M%S)
    export HISTFILE="$HISTDIR/${LOGNAME}/${USER_IP}.hist.$DT"    ### log file name format, keep the default
    chmod 600 "$HISTDIR/${LOGNAME}"/*.hist* 2>/dev/null
    ########################## End ############################
2. Make the configuration take effect

    # source /etc/profile
3. Log out, log back in, and check the generated log

    [[email protected] ~]# cd /var/log/.hist/root/
    [[email protected] root]# ls
    192.168.206.1.hist.20170604_085436
    [[email protected] root]# cat 192.168.206.1.hist.20170604_085436
    #1496537687
    cd /var/log/.hist/
    #1496537688
    ls
    #1496537690
    cd root/
    #1496537691
    ls
    #1496537692
    ll
    #1496537695
    exit
4. Tip: viewing the log in a readable format

    [[email protected] root]# export HISTFILE=/var/log/.hist/root/192.168.206.1.hist.20170604_085436
    [[email protected] root]# history
        1  [2017.06.04 08:55:04]cd /var/log/.hist/root/
        2  [2017.06.04 08:55:05]ls
        3  [2017.06.04 08:55:10]cat 192.168.206.1.hist.20170604_085436
        4  [2017.06.04 08:55:31] #history
At this point, the setup is complete.
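An added example, not from the original article: a POSIX shell function that flattens one of these history files into tab-separated user / IP / UTC time / command records for review or log shipping. The function names and the `-` placeholder for lines without a timestamp marker are choices made for this example, and the sample file is constructed from the listing in step 3.

```shell
#!/bin/sh
# Added example (not from the original article): flatten one history file
# written by the /etc/profile snippet into "user<TAB>ip<TAB>utc_time<TAB>command".

# Epoch seconds -> ISO 8601 UTC; tries GNU date first, then BSD date.
epoch_to_utc() {
    date -u -d "@$1" '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null ||
        date -u -r "$1" '+%Y-%m-%dT%H:%M:%SZ'
}

# hist_to_records FILE
# FILE is expected at <HISTDIR>/<user>/<ip>.hist.<date>, as the snippet names it.
hist_to_records() {
    file=$1
    user=$(basename "$(dirname "$file")")
    ip=$(basename "$file"); ip=${ip%%.hist.*}
    ts=
    while IFS= read -r line || [ -n "$line" ]; do
        # bash writes "#<epoch>" before each command when HISTTIMEFORMAT is set
        case $line in
            '#'[0-9]*)
                case ${line#?} in
                    *[!0-9]*) ;;                   # "#1abc": a comment the user typed
                    *) ts=${line#?}; continue ;;   # all digits: timestamp marker
                esac ;;
        esac
        [ -n "$line" ] || continue
        # "-" marks a line with no timestamp marker (continuation or unmarked entry)
        if [ -n "$ts" ]; then when=$(epoch_to_utc "$ts"); else when=-; fi
        printf '%s\t%s\t%s\t%s\n' "$user" "$ip" "$when" "$line"
        ts=
    done < "$file"
}

# Constructed sample: the file name and first entries mirror the article's listing.
demo() {
    dir=$(mktemp -d) && mkdir -p "$dir/root" || return 1
    f=$dir/root/192.168.206.1.hist.20170604_085436
    printf '%s\n' '#1496537687' 'cd /var/log/.hist/' '#1496537688' 'ls' \
        'echo no-marker' '#1496537695' 'exit' > "$f"
    hist_to_records "$f"
    rm -rf "$dir"
}

demo
```

Records whose time column is `-` had no `#<epoch>` line in front of them, which is worth checking by hand when reviewing a session.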
This article is from the "Elephant" blog; please keep this source link: http://zlyang.blog.51cto.com/1196234/1933865
Linux records all users' operation records