Linux for general user operation Audit

Objective:

Recently has been in the development of the audit system with Python, today inadvertently found a particularly useful gadget, I rejoice in the prosperous, especially recommended to you. Use the script and Scriptreplay commands to record all of the user's actions and provide a recording function. Well, the nonsense is not much to say, immediately start to configure it, in fact, very simple.

Practice:

Operating system: Centos6.5

Purpose: To record all operation Records of ordinary users

1, add the following content at the end of the/etc/profile file

[Email protected] ~]# tail-5/etc/profile

If [$UID-ge 500]; Thenname= ' WhoAmI ' mkdir/tmp/$name script-t 2>/tmp/$name/$USER-$UID-' date +%y%m%d%h%m '-a/tmp/$name/$USER- $UID-' Date +%y%m%d%h%m '. Logfi[[email protected] ~]#

2. Switch to normal user operation

[[email protected] ~]# ll /tmp/total 0[[email  protected] ~]# su - zdscript started, file is /tmp/zd/ Zd-500-201410111952.log[[email protected] ~]$ touch 1 [[email protected] ~] $ ls1  123  3[[email protected] ~]$ ll /tmp/total  4drwxrwxr-x 2 zd zd 4096 oct 11 19:52 zd[[email protected] ~ ]$ ll /tmp/zd/total 4-rw-rw-r-- 1 zd zd 379 oct 11 19:52  zd-500-201410111952-rw-rw-r-- 1 zd zd   0 oct 11 19:52  zd-500-201410111952.log[[email protected] ~]$ exitexitscript done, file is  /tmp/zd/zd-500-201410111952.log[[email protected] ~]$ exitlogout 

Note: The files that we need are already newly generated under the TMP directory

3. See what this average user has done

Scriptreplay/tmp/zd/zd-500-201410111952/tmp/zd/zd-500-201410111952.log

This is the replay of the video.

You can feel excited when you see the playback process. 650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0022.gif "alt=" J_0022.gif "/>

This article is from the "Small Building-home" blog, please be sure to keep this source http://xiaodong88.blog.51cto.com/1492564/1562466

Linux for general user operation Audit