In general, we can use the history command to view the user's operation record, but this command can not record which user logged in operation, and can not record the detailed operation time, and incomplete, so the wrong operation caused important data loss, it is difficult to find who is operating.
Here we use the script code to implement logging so that the user's login operation log:
Edit the/etc/profile file and add the following code at the end of the file:
First, add a line to record the real-time export histtimeformat= "%F%T ' Who am I|awk ' {print $} ' as ' WhoAmI ':"
Real-time flawed some root log records are not in place, so we are adding the following
[[email protected]/]# vi/etc/profile
historyuser= ' WhoAmI ' user_ip= ' who-u am I 2>/dev/null| awk ' {print $NF} ' |sed-e ' s/[()]//g "if [" $USER _ip "=" "]; thenuser_ip= ' hostname ' FIIF [!-d/var/log/history]; Thenmkdir/var/log/historychmod 777/var/log/historyfiif [!-d/var/log/history/${logname}]; Thenmkdir/var/log/history/${logname}chmod 300/var/log/history/${logname}fiexport HISTSIZE=4096DT= ' date + '%Y%m%d_% h:%m:%s "' Export histfile="/var/log/history/${logname}/${user}@${user_ip}_$dt "chmod 600/var/log/history/${logname }/*history* 2>/dev/null
Note: /var/log/history This is where the logging is stored and can be customized.
A new folder is created under/var/log/history with each user name.
[Email protected]/]# cd/var/log/history/
[[email protected] history]# lltotal 20d-wx------2 Test Dennishan 4096 Jul 4 12:06 testd-wx------2 jerryhe jerryhe 4096 Jul 4 14:12 Jerryhe
every time a user exits, a file with user name, login IP, and time will be generated, which contains this user's action
[[email protected] history]# CD jerryhe/[[email protected] jerryhe]# ls[email protected]_20130626_ 14:59:51[email protected]_20130628_14:40:26[email protected]_20130703_09:44:21[email protected] _20130703_11:18:40[email protected]_20130703_11:21:11[email protected]_20130703_14:21:49[email protected]_20130703_14:30:48[email protected]_20130704_13:37:19
Original Address http://www.heminjie.com/system/linux/412.html
From for notes (Wiz)
Logging of all user logins and operations logs under Linux