通過登入IP記錄Linux所有用戶登錄所操作的日誌(轉載)
轉載於:https://blog.csdn.net/b108074013/article/details/48165981
1.首先在/etc/profile.d/文件夾下面添加如下腳本
[root@lw ~]# vim /etc/profile.d/user_all_history.sh
# History
USER=`whoami`
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`
if [ "$USER_IP" = "" ]; then
USER_IP=`hostname`
fi
if [ ! -d /usr/local/history ]; then
mkdir /usr/local/history
chmod 777 /usr/local/history
fi
if [ ! -d /usr/local/history/${LOGNAME} ]; then
mkdir /usr/local/history/${LOGNAME}
chmod 300 /usr/local/history/${LOGNAME}
fi
export HISTSIZE=10000
DT=`date +"%Y-%m-%d_%H:%M:%S"`
export HISTFILE="/usr/local/history/${LOGNAME}/${USER}@${USER_IP}_history.$DT"
chmod 600 /usr/local/history/${LOGNAME}/*history* 2>/dev/null
2. 使腳本生效
[root@lw ~]# source /etc/profile.d/user_all_history.sh
3.退出系統再重新登錄,在/usr/local/history/目錄下才有記錄
[root@lw ~]# cd /usr/local/history/root/
[root@lw root]# ll
總用量 28
-rw------- 1 root root 262 10月 16 22:00 [email protected]_history.2019-10-16_22:00:27
-rw------- 1 root root 130 10月 16 22:02 [email protected]_history.2019-10-16_22:00:47
-rw------- 1 root root 138 10月 16 22:04 [email protected]_history.2019-10-16_22:02:18
-rw------- 1 root root 98 10月 16 22:05 [email protected]_history.2019-10-16_22:04:59
-rw------- 1 root root 85 10月 15 16:53 [email protected]_history.2019-10-15_16:53:41
-rw------- 1 root root 95 10月 15 19:06 [email protected]_history.2019-10-15_16:53:49
-rw------- 1 root root 212 10月 15 19:05 root@lw_history.2019-10-15_16:48:38
[root@lw root]# cat root@lw_history.2019-10-15_16:48:38
vim /etc/profile.d/user_all_history.sh
source /etc/profile.d/user_all_history.sh
chmod 400 /etc/profile.d/user_all_history.sh
cd /etc/profile.d/
ll
chmod 644 user_all_history.sh
ll
source user_all_history.sh
4.如果想只有root可見可以如下設置
[root@lw ~]# chmod 400 /etc/profile.d/user_all_history.sh