
How to record the operation history of all Linux users by login IP

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

In this issue, the editor explains how to record the operations of every user who logs in to a Linux system, keyed by login IP address.

To review what users have done on a Linux system, the history command is usually used, but if important data has been deleted through a mistaken operation, the history command is of no use.

In fact, we can record the operation history of every user together with the IP address they logged in from. To do this, append the following script to the end of the /etc/profile configuration file:

The code is as follows:

# The heredoc delimiter is quoted ('EOF') so that the backticks and $variables
# are written to /etc/profile literally instead of being expanded by root's shell now.
[root@server ~]# cat >> /etc/profile << 'EOF'
> history
>
> USER=`whoami`
>
> # Source address of this login: last field of "who -u am i", parentheses stripped
> USER_IP=`who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g'`
>
> # Local logins have no address, so fall back to the host name
> if [ "$USER_IP" = "" ]; then
>     USER_IP=`hostname`
> fi
>
> if [ ! -d /tmp/history ]; then
>     mkdir /tmp/history
>     chmod 777 /tmp/history
> fi
>
> # One directory per user
> if [ ! -d /tmp/history/${LOGNAME} ]; then
>     mkdir /tmp/history/${LOGNAME}
>     chmod 300 /tmp/history/${LOGNAME}
> fi
>
> export HISTSIZE=4096
>
> DT=`date +"%Y-%m-%d_%H:%M:%S"`
>
> # One history file per login session: user@ip_history.timestamp
> export HISTFILE="/tmp/history/${LOGNAME}/${USER}@${USER_IP}_history.$DT"
>
> chmod 600 /tmp/history/${LOGNAME}/*history* 2>/dev/null
>
> EOF
[root@server ~]# source /etc/profile
[root@server ~]# logout

# At this point you need to log out of the system and log in again; only then are operations recorded in the /tmp/history/ directory.

As the script shows, a new history directory is created under /tmp (the location can be customized), and it records every user who has logged in to the system together with the login IP address. This is also one way to monitor system security. After performing a series of operations, go to the /tmp/history directory to view the history:

The code is as follows:

[root@server ~]# cd /tmp
[root@server tmp]# ll
total 24
drwx------ 2 root root 4096 2012-10-11 gconfd-root
drwxrwxrwx 3 root root 4096 2012-10-11 history
drwx------ 2 root root 4096 08-11 01:11 keyring-Ki8IOJ
srwxr-xr-x 1 root root 0 2012-10-11 mapping-root
srw------- 1 root root 0 2012-10-11 scim-panel-socket:0-root
drwx------ 2 root root 4096 2012-10-11 ssh-jPPigl3182
drwx------ 2 root root 4096 10-10 21:16 ssh-KDmPtr3350
[root@server tmp]# cd history/
[root@server history]# ll
total 4
d-wx------ 2 root root 4096 10-10 21:16 root
[root@server history]# cd root/
[root@server root]# ll
total 4
-rw------- 1 root root 37 10-10 21:16 root@192.168.1.96_history.2012-10-10_21:16:42
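The review step shown above, as an added example that is not part of the original article: a shell script that turns the file names written by the /etc/profile snippet into one line per session (login time, user, source address, number of recorded lines). The function names and the sample tree are constructed for illustration; on a real system run it as root, because the per-user directories are mode 300.

```shell
#!/bin/sh
# Added example (not from the original article): review the files that the
# /etc/profile snippet writes. Names follow the page's HISTFILE pattern:
#   USER@SOURCE_history.YYYY-MM-DD_HH:MM:SS

# Split one history file name into "user source date time"; fail if it does not match.
parse_session() {
    name=$(basename "$1")
    case "$name" in
        *@*_history.*_*) ;;
        *) return 1 ;;
    esac
    rest=${name#*@}
    stamp=${rest##*_history.}
    printf '%s %s %s %s\n' "${name%%@*}" "${rest%_history.*}" "${stamp%%_*}" "${stamp#*_}"
}

# One line per recorded session, oldest first: date time user source line-count.
list_sessions() {
    find "${1:-/tmp/history}" -type f -name '*_history.*' 2>/dev/null |
    while IFS= read -r f; do
        fields=$(parse_session "$f") || continue
        lines=$(wc -l < "$f" | tr -d ' ')
        set -- $fields
        printf '%s %s %s %s %s\n' "$3" "$4" "$1" "$2" "$lines"
    done | sort
}

# Sessions opened from one source address (or host name, for local logins).
sessions_from() {
    list_sessions "$2" | awk -v src="$1" '$4 == src'
}

# Constructed sample tree, so the example runs without touching /tmp/history.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/root" "$d/alice"
    printf 'cd /tmp\nll\n' > "$d/root/root@192.168.1.96_history.2012-10-10_21:16:42"
    printf 'rm /data/report.csv\n' > "$d/alice/alice@192.168.1.50_history.2012-10-11_09:02:10"
    printf 'w\n' > "$d/alice/alice@server_history.2012-10-11_08:00:00"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample)
    list_sessions "$sample"
    rm -rf "$sample"
fi
```

HISTFILE is an ordinary shell variable set in /etc/profile, so a user can change or unset it in their own session; treat these files as a convenience record rather than tamper-proof audit data.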

The above is the editor's method for recording the operation log of all Linux users by login IP. If you have similar questions, you can refer to the analysis above. If you want to know more, you are welcome to follow the industry information channel.
