A search online suggests there are roughly the following ways to implement command auditing:
I can't find it, I'll add it sometime.
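The following setup is based on CentOS 6.

```bash
# History time format. The space between %F and %T and the trailing space are
# needed so that `history 1` prints "NUM DATE TIME COMMAND" for the read below.
# The backup suffix after "-i." is missing in the source; .bak is assumed here.
sed -i.bak '/^HISTSIZE/a HISTTIMEFORMAT="%F %T "' /etc/profile

# Command audit (read -r keeps backslashes in the logged command intact)
cat >/etc/profile.d/cmd_log.sh <<'EOF'
readonly PROMPT_COMMAND='{ cmd=$(history 1 | { read -r a b c d; echo "$d"; }); msg=$(who am i | awk "{print \$2,\$5}"); logger -i -p local1.notice "$msg $USER $PWD # $cmd"; }'
EOF

# Modify rsyslog: keep local1 out of the *.info rule and send it to cmd.log.
# The target file name is mangled in the source; /var/log/messages is the
# target of the stock CentOS 6 *.info rule.
sed -i.bak 's@^\*\.info.*@*.info;mail.none;authpriv.none;cron.none;local1.none    /var/log/messages@' /etc/rsyslog.conf
sed -i.bak '/^local7/a local1.notice    /var/log/cmd.log' /etc/rsyslog.conf
/etc/init.d/rsyslog restart

# cmd.log log rotation
cat >/etc/logrotate.d/cmd_log <<'EOF'
/var/log/cmd.log {
    monthly
    missingok
    # the rotate count is unreadable in the source; 12 is an assumed value
    rotate 12
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
EOF
```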
The above does not reuse /etc/logrotate.d/syslog to rotate /var/log/cmd.log, because the syslog entry falls back to the default period in /etc/logrotate.conf, which rotates files weekly. Not that many commands are typed on a login system, so a custom one-month rotation is used instead.

```
# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

# head /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create
```
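Because PROMPT_COMMAND runs before every prompt, the hook in cmd_log.sh logs the last history entry again on an empty Enter, and at login it logs a stale entry left over from the previous session. The variant below is an added example, not code from the original post, and logs only when the history number advances. The names audit_next, audit_hook and AUDIT_* are hypothetical, and it assumes HISTTIMEFORMAT="%F %T " and an empty HISTCONTROL.

```bash
# Added example: audit_next, audit_hook and AUDIT_* are hypothetical names.
# Assumes HISTTIMEFORMAT="%F %T ", so `history 1` prints "NUM DATE TIME COMMAND".
# HISTCONTROL should be empty: with ignoredups a repeated command gets no new
# history number and would be skipped here.

AUDIT_LAST_NUM=init   # history number seen at the previous prompt
AUDIT_CMD=""          # command text extracted by audit_next

# Parse one `history 1` line. Returns 0 (and sets AUDIT_CMD) only when the
# history number advanced since the last call, i.e. a new command was entered.
audit_next() {
    # here-document instead of a pipe: read runs in the current shell, and
    # -r keeps backslashes in the logged command intact
    read -r _a_num _a_date _a_time AUDIT_CMD <<EOF
$1
EOF
    _a_num=${_a_num%\*}                      # bash marks edited entries "NUM*"
    case $_a_num in
        ''|*[!0-9]*) _a_num=0 ;;             # no history entry yet
    esac
    if [ "$AUDIT_LAST_NUM" = init ] || [ "$_a_num" = 0 ] ||
       [ "$_a_num" = "$AUDIT_LAST_NUM" ]; then
        # login prompt (entry is from an earlier session), empty history,
        # or nothing new (empty Enter, Ctrl-C)
        AUDIT_LAST_NUM=$_a_num
        return 1
    fi
    AUDIT_LAST_NUM=$_a_num
    return 0
}

# Same log format as the original hook: "TTY (HOST) USER PWD # COMMAND"
audit_hook() {
    audit_next "$(history 1)" || return 0
    logger -i -p local1.notice \
        "$(who am i | awk '{print $2,$5}') $USER $PWD # $AUDIT_CMD"
}

# Install only in interactive shells, as /etc/profile.d/cmd_log.sh would
case $- in
    *i*) readonly PROMPT_COMMAND=audit_hook ;;
esac
```
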
Linux uses PROMPT_COMMAND to implement command audits