在Linux中有個很重要的命令可以協助我們記錄曾經使用過的命令,對於後續排錯或者入侵檢測都是很有用。本文中把配置整理成一個指令碼,直接運行指令碼即可生效
#!/bin/bash
/bin/cp /etc/bashrc /etc/bashrc.`date +"%Y-%m-%d-%s"`
sed -i '/timestamp_history/,+10d' /etc/profile
grep "HISTTIMEFORMAT" /etc/profile >/dev/null || echo "export HISTTIMEFORMAT='%F %T '" >> /etc/profile
sed -i '/timestamp_history/,+10d' /etc/bashrc
/bin/cat >> /etc/bashrc <<EOF
timestamp_history(){
export infodate=\`date "+ %c"\` #記錄時間
export infohis=\`history 1|cut -c 8-\` #記錄運行命令
export user_ip=\`who -u am i 2>/dev/null | awk '{print \$NF}' | sed -e 's/[()]//g'\` #記錄使用者ip
export user=\`who -u am i 2>/dev/null | awk '{print \$1}'\` ##記錄使用者
echo \$infodate" => "\$user_ip" => "\$user" => "\$infohis >> /var/log/.history-timestamp
}
export PROMPT_COMMAND=timestamp_history
export HISTTIMEFORMAT="\`whoami\` "
export HISTCONTROL=ignoreboth
EOF
#每月備份一次
echo '/bin/mv /var/log/.history-timestamp /var/log/.history-timestamp.`date +"%Y-%m-%d-%s"`
touch /var/log/.history-timestamp
chmod 0772 /var/log/.history-timestamp' > /etc/cron.monthly/backup_history
/bin/chmod 755 /etc/cron.monthly/backup_history
運行後日子格式如下圖:
做好的指令碼可以放在一台web上面,其他機器直接通過命令去擷取安裝
wget -O - http://ip/setHis.sh | sh ; source /etc/bashrc
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
