Objective:
I have recently been developing an audit system in Python, and today I stumbled on a particularly useful tool that I want to recommend. The script and scriptreplay commands can record everything a user does in a terminal session and play the recording back. Without further ado, let's configure it; it is very simple.
Practice:
Operating system: CentOS 6.5
Purpose: record all operations performed by ordinary users
1. Add the following to the end of the /etc/profile file
[[email protected] ~]# tail -5 /etc/profile
if [ $UID -ge 500 ]; then
name=`whoami`
mkdir /tmp/$name
script -t 2>/tmp/$name/$USER-$UID-`date +%Y%m%d%H%M` -a /tmp/$name/$USER-$UID-`date +%Y%m%d%H%M`.log
fi
[[email protected] ~]#
2. Switch to an ordinary user and run some commands
[[email protected] ~]# ll /tmp/
total 0
[[email protected] ~]# su - zd
Script started, file is /tmp/zd/zd-500-201410111952.log
[[email protected] ~]$ touch 1
[[email protected] ~]$ ls
1  123  3
[[email protected] ~]$ ll /tmp/
total 4
drwxrwxr-x 2 zd zd 4096 Oct 11 19:52 zd
[[email protected] ~]$ ll /tmp/zd/
total 4
-rw-rw-r-- 1 zd zd 379 Oct 11 19:52 zd-500-201410111952
-rw-rw-r-- 1 zd zd 0 Oct 11 19:52 zd-500-201410111952.log
[[email protected] ~]$ exit
exit
Script done, file is /tmp/zd/zd-500-201410111952.log
[[email protected] ~]$ exit
logout
Note: the files we need have now been generated under the /tmp directory: the timing file (no extension) and the session output (.log).
3. See what this ordinary user did
scriptreplay /tmp/zd/zd-500-201410111952 /tmp/zd/zd-500-201410111952.log
This replays the recorded session.
You can feel excited when you see the playback process.
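Added example (not part of the original post): one way a Python audit system could ingest the two files produced above, assuming the classic two-field timing format (one "delay byte-count" pair per line) and a one-line "Script started on ..." header in the session log. Because both files sit in a directory the recorded user can write to, it also reports how many bytes the timing file promises but the log no longer contains. The function names and sample session are constructed for illustration.

```python
def parse_timing(timing_text):
    """Parse classic `script -t` timing data: one '<delay> <byte-count>' pair per line."""
    entries = []
    for lineno, line in enumerate(timing_text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"timing line {lineno}: expected 2 fields, got {len(fields)}")
        entries.append((float(fields[0]), int(fields[1])))
    return entries


def session_timeline(timing_text, typescript):
    """Return (events, missing): events are (elapsed_seconds, text) output chunks,
    missing is how many bytes the timing data promises but the typescript lacks."""
    pos = typescript.find(b"\n") + 1  # skip the "Script started on ..." header line
    elapsed, events, missing = 0.0, [], 0
    for delay, count in parse_timing(timing_text):
        elapsed += delay
        chunk = typescript[pos:pos + count]
        missing += count - len(chunk)  # non-zero means a truncated or edited log
        if chunk:
            events.append((round(elapsed, 6), chunk.decode("utf-8", "replace")))
        pos += count
    return events, missing


# Constructed sample session (not taken from the recording shown on this page).
CHUNKS = [(0.10, b"[zd@host ~]$ "), (1.50, b"touch 1\r\n"),
          (0.02, b"[zd@host ~]$ "), (2.00, b"exit\r\n")]
TIMING = "".join(f"{d:.6f} {len(c)}\n" for d, c in CHUNKS)
TYPESCRIPT = (b"Script started on Sat Oct 11 19:52:00 2014\n"
              + b"".join(c for _, c in CHUNKS)
              + b"\nScript done on Sat Oct 11 19:52:09 2014\n")

if __name__ == "__main__":
    events, missing = session_timeline(TIMING, TYPESCRIPT)
    for t, text in events:
        print(f"{t:8.2f}s  {text!r}")
    print("bytes missing from typescript:", missing)
```

The trailing "Script done on ..." line is not covered by the timing data, so it is ignored rather than counted as a mismatch.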
This article is from the "Small Building-home" blog, please be sure to keep this source http://xiaodong88.blog.51cto.com/1492564/1562466
Linux for general user operation Audit