通過登入IP記錄Linux所有用戶登錄所操作的日誌(轉載)

原文鏈接：https://blog.csdn.net/b108074013/article/details/48165981

             通過登入IP記錄Linux所有用戶登錄所操作的日誌(轉載)

 轉載於：https://blog.csdn.net/b108074013/article/details/48165981

1.首先在/etc/profile.d/文件夾下面添加如下腳本

[root@lw ~]#  vim /etc/profile.d/user_all_history.sh
# History
USER=`whoami`
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`

if [ "$USER_IP" = "" ]; then
USER_IP=`hostname`
fi

if [ ! -d /usr/local/history ]; then
mkdir /usr/local/history
chmod 777 /usr/local/history
fi

if [ ! -d /usr/local/history/${LOGNAME} ]; then
mkdir /usr/local/history/${LOGNAME}
chmod 300 /usr/local/history/${LOGNAME}
fi

export HISTSIZE=10000
DT=`date +"%Y-%m-%d_%H:%M:%S"`

export HISTFILE="/usr/local/history/${LOGNAME}/${USER}@${USER_IP}_history.$DT"
chmod 600 /usr/local/history/${LOGNAME}/*history* 2>/dev/null

2. 使腳本生效

[root@lw ~]# source /etc/profile.d/user_all_history.sh

3.退出系統再重新登錄，在/usr/local/history/目錄下才有記錄

[root@lw ~]# cd  /usr/local/history/root/

[root@lw root]# ll
總用量 28
-rw------- 1 root root 262 10月 16 22:00 [email protected]_history.2019-10-16_22:00:27
-rw------- 1 root root 130 10月 16 22:02 [email protected]_history.2019-10-16_22:00:47
-rw------- 1 root root 138 10月 16 22:04 [email protected]_history.2019-10-16_22:02:18
-rw------- 1 root root  98 10月 16 22:05 [email protected]_history.2019-10-16_22:04:59
-rw------- 1 root root  85 10月 15 16:53 [email protected]_history.2019-10-15_16:53:41
-rw------- 1 root root  95 10月 15 19:06 [email protected]_history.2019-10-15_16:53:49
-rw------- 1 root root 212 10月 15 19:05 root@lw_history.2019-10-15_16:48:38

[root@lw root]# cat root@lw_history.2019-10-15_16:48:38
vim /etc/profile.d/user_all_history.sh
source /etc/profile.d/user_all_history.sh
chmod 400 /etc/profile.d/user_all_history.sh
cd /etc/profile.d/
ll
chmod  644  user_all_history.sh
ll
source user_all_history.sh

4.如果想只有root可見可以如下設置

[root@lw ~]# chmod 400 /etc/profile.d/user_all_history.sh