Reproduced from: http://www.cnblogs.com/gaojun/archive/2013/10/24/3385885.html
I. View and manage the currently logged-on users
1. Use the w command to view logged-in users and the processes they are running. The w command displays the names of the users who have logged on to the system and what they are doing. The information used by this command comes from the /var/run/utmp file. The output of the w command includes: the user name; the user's machine name or TTY number; the remote host address; the time the user logged on to the system; idle time (of little use); the time used by the processes attached to the TTY (terminal) (JCPU time); the time used by the current process (PCPU time); and the command the user is currently running.
w
23:04:27 up, 7:51, 3 users, load average: 0.04, 0.06, 0.02
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
ramesh pts/0 10.1.80.56 22:57 8.00s 0.05s 0.01s sshd: ramesh [priv]
jason pts/1 10.20.48 23:01 2:53 0.01s 0.01s -bash
john pts/2 10.1.80.7 23:04 0.00s 0.00s 0.00s w
In addition, you can use who am i to view the user and terminal running the command, and use who to view the login information of all logged-in users; the output is similar to that of w.
2. Use pkill to force a logged-in user to log out
Use pkill to end the processes of a logged-on user, forcing that user to log out. Use the w command to find the user's terminal:
First: use w to view the currently logged-on users, and note the login terminal shown in the TTY column.
Second: use pkill -9 -t pts/1 to end the user login on pts/1 (identify the session by the IP address or host name in the FROM column).
II. View the operation history of all logged-in users
On a Linux system, any user, root or otherwise, can review the commands entered after logging in with the history command. But if many people log in to one server and one day someone deletes important data by mistake, viewing the history (command: history) is of no use, because history is only valid for the current logged-in user; even the root user cannot get other users' history this way. Is there a way to keep the history per login, recorded with the IP address and the user name? Answer: Yes.
This can be done by adding the following code to /etc/profile (run vi /etc/profile and press i to enter insert mode; after entering the code, press ESC to leave insert mode, then type :wq and press Enter to save and exit):
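# Prompt: user@host:[current directory]
PS1="`whoami`@`hostname`:"'[$PWD]'
history
# Source address of this login: last field of "who -u am i", parentheses stripped
USER_IP=`who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`
# If nothing was returned, fall back to the host name
if [ "$USER_IP" = "" ]
then
    USER_IP=`hostname`
fi
# Shared base directory for all users' history files
if [ ! -d /tmp/dbasky ]
then
    mkdir /tmp/dbasky
    chmod 777 /tmp/dbasky
fi
# Per-user directory; mode 300 lets the owner create files but not list them
if [ ! -d /tmp/dbasky/${LOGNAME} ]
then
    mkdir /tmp/dbasky/${LOGNAME}
    chmod 300 /tmp/dbasky/${LOGNAME}
fi
export HISTSIZE=4096
# One history file per login, named after the source address and login time
DT=`date "+%Y-%m-%d_%H:%M:%S"`
export HISTFILE="/tmp/dbasky/${LOGNAME}/${USER_IP} dbasky.$DT"
# The files belong to the user being recorded, who can still modify them or change HISTFILE
chmod 600 /tmp/dbasky/${LOGNAME}/*dbasky* 2>/dev/null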
Run source /etc/profile to make the script take effect.
Log the user out, then log in again.
The above script creates a new dbasky directory under the system's /tmp and records the user and IP address (in the file name) of every login to the system. Each time a user logs in and exits, a corresponding file is created that preserves the user's history for that login session. This method can be used to monitor the security of the system.
root@zsc6:[/tmp/dbasky/root]cat "10.1.80.47 dbasky.2013-10-24_12:53:08"
This shows the command history of the root session that logged in from 10.1.80.47 at 12:53:08.
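For the scenario described earlier (finding out who ran a destructive command), the following added example, which is not part of the original post, searches the per-login history files for a command string and reports the user, source address and login time encoded in each path. It assumes the directory layout and file naming produced by the script above and must be run as root, because the per-user directories are mode 300; find_history_cmd and make_sample_tree are names introduced here, and the sample files are constructed.

```shell
#!/bin/sh
# find_history_cmd PATTERN [BASE_DIR]
# Prints one line per match: user<TAB>source<TAB>login_time<TAB>command
find_history_cmd() {
    local pattern="$1" base="${2:-/tmp/dbasky}"
    local file user name src when line
    for file in "$base"/*/*dbasky.*; do
        [ -f "$file" ] || continue             # glob matched nothing
        user=$(basename "$(dirname "$file")")  # directory name is $LOGNAME
        name=$(basename "$file")
        src=${name%%dbasky.*}                  # text before "dbasky." is the IP or host name
        src=${src% }                           # drop the separating space, if any
        when=${name##*dbasky.}                 # text after "dbasky." is the login timestamp
        # -F: match the pattern as a fixed string; -- ends option parsing
        grep -F -- "$pattern" "$file" | while IFS= read -r line; do
            printf '%s\t%s\t%s\t%s\n' "$user" "$src" "$when" "$line"
        done
    done
}

# Build a constructed sample tree (not real data) in a temporary directory
# and print its path, so the function can be tried without touching /tmp/dbasky.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root" "$d/jason"
    printf 'ls -l\nrm -rf /data/reports\n' \
        > "$d/root/10.1.80.47 dbasky.2013-10-24_12:53:08"
    printf 'cd /tmp\nvi notes.txt\n' \
        > "$d/jason/10.1.80.7 dbasky.2013-10-24_13:02:41"
    printf '%s\n' "$d"
}

# Demo on the constructed tree: who ran "rm -rf", from where, in which session?
sample=$(make_sample_tree)
find_history_cmd 'rm -rf' "$sample"
rm -rf "$sample"
```

On a real system, call find_history_cmd with only the pattern to search /tmp/dbasky.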