Using PROMPT_COMMAND to implement command auditing:
Record which user did what and at what time, and write that information to a file.
Procedure:
Append the following to /etc/profile:
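############ Log audit
# Note: the setuid lines only succeed when root sources this file; until they are
# removed at the end, chmod and chown run as root for every user on the system.
chmod +s /usr/bin/chmod &>/dev/null # let ordinary users create directories and files
chmod +s /usr/bin/chown &>/dev/null # let ordinary users create directories and files
mkdir -p "/var/log/history/${LOGNAME}" # create a directory named after the user
chmod 777 /var/log/history &>/dev/null
chown -R "${LOGNAME}:" "/var/log/history/${LOGNAME}" &>/dev/null
chmod 700 "/var/log/history/${LOGNAME}" &>/dev/null
export HISTORY_FILE="/var/log/history/${LOGNAME}/$(date '+%y-%m-%d_%T').log" # custom log file path and name
# printf with %s keeps a '%' typed in a command as data; the timestamp reuses the file-name format
export PROMPT_COMMAND='{ printf "%s %s %s\n" "$(date +%y-%m-%d_%T)" "$(who am i | awk "{print \$1\" \"\$2\" \"\$5}")" "$(history 1 | { read -r x cmd; echo "$cmd"; })"; } >> "$HISTORY_FILE"' # append each command to the log file
chmod 600 "/var/log/history/${LOGNAME}"/* 2>/dev/null
chmod -s /usr/bin/chmod &>/dev/null # revoke the grant given to ordinary users
chmod -s /usr/bin/chown &>/dev/null # revoke the grant given to ordinary users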
Save and exit, then run:
source /etc/profile
If no error is reported, the setup succeeded.
This uses the shell's PROMPT_COMMAND to add log auditing that records every user's actions to a log file in real time.
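
PROMPT_COMMAND runs before every prompt, so pressing Enter on an empty line makes `history 1` return the previous entry and the same command is logged again. The following is an added example, not code from the original page: a function that skips such repeats by comparing history numbers. `audit_record` and `AUDIT_LAST_NUM` are hypothetical names, and the `who am i` string is passed in by the caller.

```shell
# Added example, not the page's code. audit_record and AUDIT_LAST_NUM are
# hypothetical names; HISTORY_FILE is the variable exported by the page's snippet.

AUDIT_LAST_NUM=""

# audit_record HISTLINE WHO LOGFILE
#   HISTLINE  output of `history 1`, for example "  42  ls -l /tmp"
#   WHO       login identity string (user, tty, remote host)
#   LOGFILE   file the record is appended to
# Returns 0 if a record was written, 1 if the entry was skipped.
audit_record() {
    # Split the leading history number from the command text.
    # read -r keeps backslashes in the command exactly as typed.
    read -r _audit_num _audit_cmd <<EOF
$1
EOF
    # Empty history or unexpected output: nothing to log.
    case $_audit_num in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Same number as the previous prompt: no new command was entered.
    if [ "$_audit_num" = "$AUDIT_LAST_NUM" ]; then
        return 1
    fi
    AUDIT_LAST_NUM=$_audit_num
    # %s placeholders keep a '%' inside the command as data, not a format.
    printf '%s %s %s\n' "$(date '+%y-%m-%d_%T')" "$2" "$_audit_cmd" >> "$3"
}

# Wire the function in for interactive bash sessions only. The function is
# called directly (not in a subshell) so AUDIT_LAST_NUM persists between prompts.
if [ -n "${BASH_VERSION:-}" ]; then
    case $- in
        *i*)
            PROMPT_COMMAND='audit_record "$(history 1)" "$(who am i | awk "{print \$1\" \"\$2\" \"\$5}")" "$HISTORY_FILE"'
            ;;
    esac
fi
```

The comparison assumes every command receives a new history number; with `HISTCONTROL=ignoredups` an immediately repeated command keeps the old number and is skipped as well.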