2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to log every command executed by Linux users. The method is simple, fast and practical.
In my work, I made a simple solution to the requirement that every command executed by the user be recorded and sent to the log server. This scheme sends every command executed by the user to the log daemon rsyslogd when each user logs out, and you can further send the log to the log server by configuring "/etc/rsyslog.conf".
Method 1

    # vi /etc/profile

    # Set the history format.
    # "who am i" prints the current login line; its last field is the remote host in parentheses.
    export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`who am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`] "
    # Record every command executed by the shell
    export PROMPT_COMMAND='\
    if [ -z "$OLD_PWD" ]; then
        export OLD_PWD=$PWD;
    fi;
    if [ ! -z "$LAST_CMD" ] && [ "$(history 1)" != "$LAST_CMD" ]; then
        logger -t `whoami`_shell_cmd "[$OLD_PWD]$(history 1)";
    fi;
    export LAST_CMD="$(history 1)";
    export OLD_PWD=$PWD;'
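The lines that the method 1 hook writes can be reviewed on the log server with a small parser. The following is an added example, not part of the original article: it assumes the traditional rsyslog file layout (`<time> <host> <tag>: <message>`), the function names are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: parse syslog lines written by the method 1 PROMPT_COMMAND hook.
# Assumed layout (constructed samples, traditional rsyslog file format):
#   <Mon DD HH:MM:SS> <host> <user>_shell_cmd: [<cwd>] <n>  [<date time>] [<source>] <command>
TAB=$(printf '\t')

# The header is anchored at the start of the line so that text typed inside a
# command can never be mistaken for the syslog tag.
HDR='^[A-Z][a-z]{2} +[0-9]+ [0-9:]{8} [^ ]+ ([^ ]+)_shell_cmd(\[[0-9]+\])?: '
BODY='\[([^]]*)\] *[0-9]+\*? +\[([0-9-]+ [0-9:]+)\] \[([^]]*)\] ?(.*)$'

# parse_shell_cmd: syslog lines on stdin ->
#   user<TAB>cwd<TAB>timestamp<TAB>source<TAB>command
# Lines with another tag are dropped. Lines with the tag that do not fit the
# layout (for example a directory name containing "]") are emitted as
# UNPARSED<TAB><original line> so they are reviewed instead of silently lost.
parse_shell_cmd() {
    sed -E -e "/${HDR}/"'!d' \
           -e "s/${HDR}${BODY}/\\1${TAB}\\3${TAB}\\4${TAB}\\5${TAB}\\6/" -e t \
           -e "s/^/UNPARSED${TAB}/"
}

# cmds_matching ERE: keep parsed records whose command field matches ERE.
cmds_matching() {
    awk -F '\t' -v re="$1" '$1 != "UNPARSED" && $5 ~ re'
}

# Constructed sample input.
sample_log() {
    cat <<'EOF'
Jan 18 10:15:02 web01 user1_shell_cmd: [/home/user1]  104  [2025-01-18 10:15:02] [192.168.0.23] cat /etc/passwd
Jan 18 10:15:09 web01 sshd[812]: Accepted publickey for user1 from 192.168.0.23 port 50022 ssh2
Jan 18 10:16:40 web01 user2_shell_cmd: [/var/www]  57  [2025-01-18 10:16:40] [192.168.0.40] sudo systemctl restart nginx
Jan 18 10:17:05 web01 user2_shell_cmd: [/tmp/a]b]  58  [2025-01-18 10:17:05] [192.168.0.40] ls
EOF
}

# Stand-alone run: list privilege-related commands from the sample.
sample_log | parse_shell_cmd | cmds_matching '^(sudo|su)( |$)'
```

The source field is whatever `who am i` returned when /etc/profile was read at login, so for local logins it may not be an IP address.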
Here's the second way, which is stupid.
Step 1: global setting (this is a one-time setting and requires root permission)

Command: # vi /etc/profile

    # This script is executed when the user logs in.
    # Set the history display format.
    # "who am i" prints the current login line; its last field is the remote host in parentheses.
    export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] [`who am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`] "
    # Clear the current cache when logging in
    echo "" > .bash_history
Step 2: set it separately by different users
Command: # source /etc/profile

Command: # vi /home/user1/.bash_logout

    # This script is executed when the user logs out.
    # mktemp avoids a predictable file name in world-writable /tmp.
    tmpfile=$(mktemp "/tmp/$(whoami)_history.XXXXXX")
    # Record the formatted history to a file
    history > "$tmpfile"
    # Read the file and send its contents to syslogd one line at a time.
    # Don't try to replace the following code with "history | logger" or "logger -f $tmpfile",
    # otherwise you will only be able to record the first 200 lines.
    k=1
    # IFS= and -r keep leading spaces and backslashes in the logged command intact
    while IFS= read -r line; do
        ((k++))
        logger -t `whoami`_shell_cmd "$line"
    done < "$tmpfile"
    rm -f "$tmpfile"
(repeat the second step if there are other users to monitor)
Step 3: send the log to the remote host (optional)
    # vi /etc/rsyslog.conf

    # Add the line below. Change the IP as needed, or use a domain name instead.
    # @ means using the UDP protocol, @@ means using the TCP protocol.
    *.* @192.168.0.1
Inadequacies:
1. Cannot record commands and send logs in real time.
2. To record commands run in a terminal on the desktop, you need to restart.