Linux User Action Records we can see history by command, but if you delete important data because someone mistakenly manipulated it, then the Linux Historical command is basically not going to work much. How do we look at the Linux user operation record, there is no way to achieve by logging the IP address and a user name operation history? Answer: Yes.
The first step:
This can be achieved by adding the following code to the bottom of the/etc/profile:
ps1= "' WhoAmI ' @ ' hostname ':" ' [$PWD] ' historyuser_ip= ' who-u am I 2>/dev/null| awk ' {print $NF} ' |sed-e ' s/[()]//g "if [" $USER _ip "=" "]thenuser_ip= ' hostname ' FIIF [! -d/tmp/dbasky]thenmkdir/tmp/dbaskychmod 777/tmp/dbaskyfiif [!-d/tmp/dbasky/${logname}]thenmkdir/tmp/dbasky/${log Name}chmod 300/tmp/dbasky/${logname}fiexport histsize=4096dt= ' date ' +%y-%m-%d_%h:%m:%s ' ' Export HISTFILE= '/tmp/ DBASKY/${LOGNAME}/${USER_IP} Dbasky. $DT "chmod 600/tmp/dbasky/${logname}/*dbasky* 2>/dev/null
Save the file, exit, enter Source/etc/profile, let the environment take effect, or exit the terminal and log in again.
In fact, through the above code does not look out, in the System/TMP new Dbasky directory, in the directory record all the login system users and IP address, is not it convenient? We can also use this method to monitor the security of the system. This is another way to view Linux user action records.
Linux Server--all user login Operation command Audit