This system audit records users, times, and operations. Then, record the information to a file.
1. Configuration
1. Add the following two lines of code at the end of the/etc/profile file:
Export HISTORY_FILE =/var/log/'date' + % Y % m''. log
Export PROMPT_COMMAND = '{date "+ % Y-% m-% d % T ##### $ (who am I | awk" {print \ $1 \"\" \ $2 \ "\ $5 }") ####$ (history 1 | {read x cmd; echo "$ cmd" ;}) ";}>> $ HISTORY_FILE'
After adding, save and exit. In this way, any operation command will be viewed in/var/log/date. log. You can also customize directories or files. Allow others to view the data only if they cannot find it. You only need to modify
Export HISTORY_FILE =/var/log/'date' + % Y % m''. log
/Etc/profile: This file sets the environment information for each user in the system. When the user logs on for the first time, this file is executed. and from/etc/profile. the configuration file in the d directory Collects shell settings.
[Root @ node1 ~] #./Etc/profile or [root @ node1 ~] # Source/etc/profile
Make the change take effect. If no error is reported, the change is successful.
Verify whether there is data in the log
[Root @ node1 ~] # More/var/log/201107.log
17:29:08 ##### root pts/2 (192.168.23.250) ###./etc/profile
You can see that there is data in it.
You can also use
PROMPT_COMMAND = '{date "+ % Y-% m-% d % T ##### USER: $ user ip: $ SSH_CLIENT PS: $ SSH_TTY ####$ (history 1 | {read x cmd; echo "$ cmd" ;}) ";>>> $ HISTORY_FILE'
The command is different, but the result is the same.
This article is from the "badboy" blog