Our company's audit department required us to add a user behavior audit function to all host systems, recording each user account's login time and behavior information. I implemented this in a simple way, which I briefly describe below.
Implementation steps:
1. Create the directory /var/audit to store the user behavior logs, and give it 777 permissions (because all users have to write files to this directory):
mkdir -p /var/audit; chmod 777 /var/audit
2. Modify the system environment file /etc/profile so that it records user login information. Add the following content:
# Add Log user behavior
export HISTTIMEFORMAT="%F %T "
shopt -s cmdhist
echo "$(date "+%F %T") $(whoami) login" >> /var/audit/$(whoami)-history-$(date "+%F")
3. Modify the .bash_logout file in each user's home directory so that the user's behavior information is written to the behavior log file when the user logs out. Add the following (this has to be added for users that already exist on the system; new users do not need it added manually):
# Add Log user behavior
history >> /var/audit/$(whoami)-history-$(date "+%F")
echo "$(date "+%F %T") $(whoami) logout" >> /var/audit/$(whoami)-history-$(date "+%F")
4. Add the following content to the user template file, so that newly created users get the hook automatically.
In the /etc/skel/.bash_logout file, add:
history >> /var/audit/$(whoami)-history-$(date "+%F")
echo "$(date "+%F %T") $(whoami) logout" >> /var/audit/$(whoami)-history-$(date "+%F")
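Steps 1 to 4 as one idempotent rollout, given here as an added example that is not part of the original post. The ROOT prefix argument, the function names and the assumption that existing users' home directories sit under /home (plus /root) are hypothetical. The directory mode defaults to the 777 used above, and passing 1777 instead adds the sticky bit so that users cannot delete or rename each other's log files.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): idempotent rollout of steps 1-4.
# ROOT is a hypothetical path prefix so the rollout can be rehearsed in a
# scratch tree; pass "" to act on the live system (requires root).

MARK='# Add Log user behavior'
# Per-user, per-day log file; expanded later, when the hook runs in the user's shell.
LOG='/var/audit/$(whoami)-history-$(date "+%F")'

login_hook() {    # lines appended to /etc/profile (step 2)
  printf '%s\n' "$MARK" 'export HISTTIMEFORMAT="%F %T "' 'shopt -s cmdhist' \
    "echo \"\$(date \"+%F %T\") \$(whoami) login\" >> $LOG"
}

logout_hook() {   # lines appended to .bash_logout (steps 3 and 4)
  printf '%s\n' "$MARK" "history >> $LOG" \
    "echo \"\$(date \"+%F %T\") \$(whoami) logout\" >> $LOG"
}

append_once() {   # append_once FILE HOOK_FUNCTION; no-op if the marker is present
  grep -qxF -- "$MARK" "$1" 2>/dev/null && return 0
  "$2" >> "$1"
}

install_audit_hooks() {   # install_audit_hooks [ROOT] [DIR_MODE]
  local root=${1:-} mode=${2:-777} home
  mkdir -p "$root/var/audit" "$root/etc/skel" || return 1
  chmod "$mode" "$root/var/audit" || return 1
  append_once "$root/etc/profile" login_hook || return 1
  append_once "$root/etc/skel/.bash_logout" logout_hook || return 1
  # Assumption: existing users' homes are under /home, plus /root.
  for home in "$root"/home/* "$root/root"; do
    if [ -d "$home" ]; then
      append_once "$home/.bash_logout" logout_hook || return 1
    fi
  done
}

missing_hooks() {   # print home directories whose .bash_logout lacks the hook
  local root=${1:-} home
  for home in "$root"/home/* "$root/root"; do
    if [ -d "$home" ] && ! grep -qxF -- "$MARK" "$home/.bash_logout" 2>/dev/null; then
      printf '%s\n' "$home"
    fi
  done
}
```

Each user can edit their own .bash_logout, so re-running `missing_hooks ""` on a schedule shows accounts where the logout hook is no longer in place.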
I have currently applied this configuration on the 2.127 server; the user audit log format is as follows:
Linux logs login time and behavior information for user accounts