In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >
Share
Shulou(Shulou.com)06/01 Report--
This article mainly explains "how to view all the historical operations of users in linux". The explanation in the article is simple and clear and easy to learn and understand. Please follow the editor's train of thought to study and learn "how to view all historical operations of users in linux".
Under linux, you can use the history command to view all the historical actions of the user, while the record of the shell command operation is saved by default in the .bash _ history file in the user directory. Through this file, you can query the execution history of shell commands, which is helpful for operation and maintenance personnel to carry out system audit and troubleshooting. At the same time, after the server is attacked by hackers, you can also query the historical command operations of hackers logging in to the server. However, after the intrusion, in order to erase the trace, the hacker will delete the .bash _ history file, which requires a reasonable backup of this file.
The default history command can only view the user's history of operations, but cannot distinguish when each user operates the command. This is quite inconvenient for troubleshooting. The workaround is to add the following four lines to the / etc/bashrc file to have the history command automatically record the execution time of all shell commands:
The copy code is as follows:
Histfilesize=4000
Histsize=4000
Histtimeformat='%f% t'
Export histtimeformat
Histfilesize represents the total number of records saved in the .bash _ history file. The default value is 1000. HistSize defines the total number of records output by the history command; histtimeformat defines the time display format, which is the same as the "+"% f% t "" after the date command; and histtimeformat passes the value to the history command as a time variable of history.
Advanced skills
Although the above one can record the time, it can not be used for audit purposes and can be easily tampered with or lost by hackers. The following method records in detail the user who logged in to the system, the ip address, the shell command, and the time of the detailed operation. The information is stored in a safe place in the form of a file for system audit and troubleshooting.
You can do this by putting the following code into the / etc/profile file.
The copy code is as follows:
# record history operation
User_ip= `who-u am i 2 > / dev/null | awk'{print $nf}'| sed-e's / [()] / / g``
Logname= `who-u am i | awk'{print $1}'`
Histdir=/user/share/.history
If [- z $user_ip]
Then
User_ip= `hostname`
Fi
If [!-d $histdir]
Then
Mkdir-p $histdir
Chmod 777$ histdir
Fi
If [!-d $histdir/$ {logname}]
Then
Mkdir-p $histdir/$ {logname}
Chmod 300$ histdir/$ {logname}
Fi
Export histsize=4000
Dt= `date + "% y%m%d_%h%m%s" `
Export histfile= "$histdir/$ {logname} / ${user_ip} .history. $dt"
Export histtimeformat= "[% y.%m.%d% h:%m:%s]"
Chmod 600$ histdir/$ {logname} / * .history* 2 > / dev/null
Thank you for your reading, the above is the content of "how to view all the historical operations of users in linux". After the study of this article, I believe you have a deeper understanding of how to view all the historical operations of users in linux. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.