Security log configuration (retaining history logs) on a Linux server

Source: Internet
Author: User

In Linux, you can use the history command to view a user's command history.
Without additional configuration, the history command shows only the commands that were run; it does not show which user ran them or when.
 
The following describes how to configure these two functions:
 
Solution 1: temporarily view commands and their execution times
After logging on to the system, run export HISTTIMEFORMAT='%F %T ' so that history shows the time of each command.
 
After configuration, the effect is displayed:
[nxuser@XXXXXX ~]$ export HISTTIMEFORMAT='%F %T '
[nxuser@XXXXXX ~]$ history
1 2011-09-06 11:42:38 history
2 2011-09-06 11:42:43 history | more
3 2011-09-06 11:43:24 more ~/.bash_history
4 2011-09-06 11:43:41 ll
However, this configuration is valid only for the current user.
 
Solution 2: save the configuration permanently, so that the history command always shows the execution time of each recorded command.

Edit the /etc/bashrc file and add the following four lines:
HISTFILESIZE=2000
HISTSIZE=2000
HISTTIMEFORMAT='%F %T '
export HISTTIMEFORMAT
 
After configuration, the effect is displayed:
[root@XXXXXXXX ~]$ history
1 2011-09-06 14:49:14 history
[root@XXXXXXXX ~]$

 
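Solution 3: record a one-to-one correspondence between the users that have logged on to the system, their IP addresses, the commands they ran, and the operation time
You can add the following code to /etc/profile:
# history
PS1="[\u@\h \W]\$"
history
# Source address of this login: last field of "who -u am i", parentheses stripped
USER_IP=`who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`
if [ "$USER_IP" = "" ]
then
    # No remote address (local login): fall back to the host name
    USER_IP=`hostname`
fi
if [ ! -d /tmp/dbasky ]
then
    mkdir /tmp/dbasky
    # 777 without the sticky bit lets any local user rename other users' directories here
    chmod 777 /tmp/dbasky
fi
if [ ! -d /tmp/dbasky/${LOGNAME} ]
then
    mkdir /tmp/dbasky/${LOGNAME}
    # 300: the owner can create files and enter the directory, but not list it
    chmod 300 /tmp/dbasky/${LOGNAME}
fi
export HISTSIZE=4096
# Login time, used in the file name so each session gets its own history file
DT=`date -d '0 day' +%Y%m%d_%H%M%S`
export HISTFILE="/tmp/dbasky/${LOGNAME}/dbasky@${USER_IP}_$DT"
# Restrict the history files of earlier sessions to their owner
chmod 600 /tmp/dbasky/${LOGNAME}/*dbasky* 2>/dev/null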
 
As the code above shows, a new dbasky directory is created under /tmp, and every user and IP address that has logged on to the system is recorded in that directory.
 
After implementation, the effect is as follows:
[root@XXXXXX nxuser]$ ll
total 8
-rw------- 1 nxuser nxgroup 15 Sep 6 dbasky@122.234.54.174_20110907_230314
-rw------- 1 nxuser nxgroup 19 Sep 6 dbasky@122.234.54.174_20110907_230439
[root@ZJ-WAP-SNMP nxuser]$ more dbasky@122.234.54.174_20110907_230439
ls
ll
free -m
exit
[root@XXXXXXX nxuser]$ pwd
/tmp/dbasky/nxuser
[root@XXXXXXX nxuser]$
 
However, after Solution 3 is configured, the history command shows only the commands run during the current logon. To view the commands from previous logons, read the ~/.bash_history file.
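
Added example (not part of the original article): a POSIX shell function that flattens the per-login files created by Solution 3 into one audit line per command, carrying the user, source address and login time from the directory and file names. It assumes the file naming shown above and that bash, when HISTTIMEFORMAT is set as in Solution 2, writes a "#<epoch>" line before each command; the user alice, the address 192.0.2.10 and the sample commands are constructed.

```sh
#!/bin/sh
# Added example: flatten Solution 3's per-login history files into audit lines.
# Output format: epoch|user|source|login_time|command
# epoch is "-" when the file has no "#<epoch>" markers, i.e. HISTTIMEFORMAT
# was not set when bash wrote the file.

# histdir_report ROOT   (ROOT has the layout ROOT/<user>/dbasky@<source>_<time>)
histdir_report() (
    for f in "$1"/*/dbasky@*; do
        [ -f "$f" ] || continue          # glob matched nothing
        user=$(basename "$(dirname "$f")")
        awk -v user="$user" -v name="$(basename "$f")" '
            BEGIN {
                sub(/^dbasky@/, "", name)
                # The name ends in _YYYYmmdd_HHMMSS: 15 characters after the "_".
                login = substr(name, length(name) - 14)
                src   = substr(name, 1, length(name) - 16)
                ts    = "-"
            }
            /^#[0-9]+$/ { ts = substr($0, 2); next }   # bash timestamp marker
            { print ts "|" user "|" src "|" login "|" $0 }
        ' "$f"
    done
)

# Constructed sample tree: one user, two logins, only the first with timestamps.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/alice" || return 1
    printf '#1315350194\nls\n#1315350201\nfree -m\n' \
        > "$d/alice/dbasky@192.0.2.10_20110907_230314"
    printf 'exit\n' > "$d/alice/dbasky@192.0.2.10_20110907_230439"
    echo "$d"
}

sample=$(make_sample)
histdir_report "$sample"
rm -rf "$sample"
```

Run it as root against /tmp/dbasky, because each user directory is mode 300 and cannot be listed by other accounts.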
 
Author "new arrival-Jasen"
