Linux View/Manage the current logged-in user and user action history __linux

Source: Internet
Author: User
Tags chmod mkdir pkill
reproduced from: http://www.cnblogs.com/gaojun/archive/2013/10/24/3385885.html first, view and manage the currently logged-on user

1. Use the W command to view the process information that the logged-in user is using,the W command to display the names of the users who have logged on to the system, and what they are doing. The information used by this command originates from the/var/run/utmp file. The information output from the W command includes: User name user's machine name or the time of the TTY number remote host address user logon system Idle time (not much) time spent (jcpu time) of a process attached to a TTY (terminal) The current process time (pcpu time) The user is currently using the command

W
23:04:27 up,  7:51,  3 users,  load average:0.04, 0.06, 0.02
USER TTY from              login@< C12/>idle   jcpu   pcpu WHAT
Ramesh   pts/0 10.1.80.56 22:57    8.00s  0.05s  0.01s Sshd:ramesh [Priv]
Jason    pts/1    10.20.48          23:01    2:53   0.01s  0.01s- Bash
John     pts/2    10.1.80.7         23:04    0.00s  0.00s  0.00s W

In addition, you can use who am I to view the users and processes using the command, and use who to view all logged in user process information, which is similar to the view commands;

2, use the Pkill force to quit the logged in user

Use Pkill to end the process of the current logged-on user, forcing the user to log out, using the W command;

First: Use W to view the currently logged-on user, note the logon process terminal number as shown in TTY

Second: Use pkill–9-t pts/1 to end the user login for the PTS/1 process (depending on the IP address or host number of from) Two, view the operation history of all logged-in users

In the Linux system environment, whether the root users or other users only access to the system after the entry operation we can through the command history to view the history, but if a server many people landing, one day because someone mistakenly operation deleted important data. This is meaningless by viewing the history (Command: History) (because history is only valid for logged-in users, even if the root user cannot get other users histotry history). Is there any way to achieve the historical record by recording the IP address and the user name after the login? Answer: Yes.

By adding the following code inside the Vi/etc/profile, you can implement: (enter VI press I into insert mode.) Press ESC to cancel insert mode after entering the following code, press: Enter command input WQ save exit

ps1= "' WhoAmI ' @ ' hostname ':" ' [$PWD] '
History
user_ip= ' who-u am I 2>/dev/null| awk ' {print $NF} ' |sed-e ' s/[()]//g '
If ["$USER _ip" = "]
Then
User_ip= ' hostname '
Fi
if [!-d/tmp/dbasky]
Then
Mkdir/tmp/dbasky
chmod 777/tmp/dbasky
Fi
if [!-d/tmp/dbasky/${logname}]
Then
Mkdir/tmp/dbasky/${logname}
chmod 300/tmp/dbasky/${logname}
Fi
Export histsize=4096
dt= ' Date ' +%y-%m-%d_%h:%m:%s '
Export histfile= "/tmp/dbasky/${logname}/${user_ip} Dbasky. $DT"
chmod 600/tmp/dbasky/${logname}/*dbasky* 2>/dev/null

Source/etc/profile use script to take effect

Exit user, log in again

The above script creates a new Dbasky directory at the system's/TMP, records all the users and IP addresses (filenames) of the logged on system, and whenever the user logs in/exits to create the corresponding file that preserves the history of the user during the logon period, this method can be used to monitor the security of the system.

Root@zsc6:[/tmp/dbasky/root]cat 10.1.80.47 dbasky.2013-10-24_12:53:08

View the root operation command history from the 10.1.80.47 login at 12:53:08

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.