实时监控Linux服务器用户操做命令

时间 2019-11-06

原文原文链接

在/etc/profile 追加ide

export HISTORY_FILE=/var/log/history/userhistory.log
readonly PROMPT_COMMAND='{ date "+%y-%m-%d %T ##### $(who am i |awk "{print \$1\" \"\$2\" \"\$NF}")  #### $(id|awk "{print \$1}") #### $(history 1 | { read x cmd; echo "$cmd";})"; } >>$HISTORY_FILE'

重读 source /etc/profile便可生效.post

mkdir -p /var/log/history/ip

touch /var/log/history/userhistory.logcmd

在/etc/logrotate.d/新增配置文件 userhistoryit

/etc/loratate.d/userhistory 内容以下class

/var/log/history/userhistory.log {
        weekly
        notifempty
        prerotate
        /usr/bin/chattr -a /var/log/history/userhistory.log
        endscript
        postrotate
        /bin/chmod 002 /var/log/history/userhistory.log
        /usr/bin/chattr +a /var/log/history/userhistory.log
        endscript
}