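Two ways to implement command auditing on Linux

Network security is a prominent problem these days, and attackers are highly capable. Often the bigger worry is not the external threat (a small company is unlikely to be singled out by hackers) but the internal one, so how could we do without a record of what was done? Linux itself records command history (in ~/.bash_history), and by default it keeps as many as 1000 entries, but that history is easy to clear and so is still not secure. Server operations therefore need to be logged some other way, so that a "bad guy" has nowhere to hide. Two simple approaches are described below:

Method one: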
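# Append the following to the end of /etc/profile, then run source /etc/profile to make it take effect. PROMPT_COMMAND runs as the logged-in user, so /var/log/audit.log must be writable by every account whose commands are to be recorded.
[code]HISTSIZE=1000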
HISTTIMEFORMAT="%Y/%m/%d %T ";export HISTTIMEFORMAT
export HISTORY_FILE=/var/log/audit.log
export PROMPT_COMMAND='{ thisHistID=`history 1|awk "{print \\$1}"`;lastCommand=`history 1| awk "{\\$1=\"\" ;print}"`;user=`id -un`;whoStr=(`who -u am i`);realUser=${whoStr[0]};logMonth=${whoStr[2]};logDay=${whoStr[3]};logTime=${whoStr[4]};pid=${whoStr[6]};ip=${whoStr[7]};if [ ${thisHistID}x != ${lastHistID}x ];then echo -E `date "+%Y/%m/%d %H:%M:%S"` $user\($realUser\)@$ip[PID:$pid][LOGIN:$logMonth $logDay $logTime] --- $lastCommand ;lastHistID=$thisHistID;fi; } >> $HISTORY_FILE'[/code]
# Then check whether it has taken effect:
[code][root@test2 ~]# cat /var/log/audit.log
2013/08/14 14:18:42 root(root)@[PID:(192.168.101.110)][LOGIN:2013-08-14 14:18 .] --- 2013/08/09 09:22:57 cat /etc/sysctl.conf
2013/08/14 14:19:16 root(root)@[PID:(192.168.101.110)][LOGIN:2013-08-14 14:18 .] --- 2013/08/14 14:19:16 cd /usr/local/nginx/conf/sites-enabled/
2013/08/14 14:19:17 root(root)@[PID:(192.168.101.110)][LOGIN:2013-08-14 14:18 .] --- 2013/08/14 14:19:17 ll
2013/08/14 14:19:27 root(root)@[PID:(192.168.101.110)][LOGIN:2013-08-14 14:18 .] --- 2013/08/14 14:19:27 cat awstats.conf
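2013/08/14 14:21:04 root(root)@[PID:(192.168.101.110)][LOGIN:2013-08-14 14:18 .] --- 2013/08/14 14:21:04 cat /etc/profile[/code]
In this sample the fields are shifted: the address after @ is empty and PID: holds the client IP, because this host's who -u am i prints the login date as a single field (2013-08-14) while the array indices in PROMPT_COMMAND expect separate month and day fields. Adjust the whoStr indices to match the local who output.

Method two: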
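# Append the following to the end of /etc/profile, then run source /etc/profile to make it take effect.
[code]function log2syslog
{
    # Last history entry, i.e. the command line that is about to run
    declare command
    command=$(fc -ln -0)
    # Quote the message so globs in the command are logged as typed, not expanded
    logger -p local1.notice -t bash -i -- "$SSH_CLIENT :$USER : $command"
}
# Call log2syslog before every command
trap log2syslog DEBUG[/code]
[code][root@test2 u1]# tail -f -n100 /var/log/messages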
Aug 16 18:22:36 test2 bash[4460]: -- 192.168.101.116 63383 22 :root : vim /etc/profile[/code]
The second method currently has one flaw: the same command shows up several times in the log each time a command is recorded. This still needs to be improved.
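The repeats noted for the second method arise because bash fires the DEBUG trap before every simple command (each pipeline stage, anything in PROMPT_COMMAND) while the newest history entry stays the same. The following added example, which is not part of the original post, applies the first method's history-number comparison to the syslog approach; the audit_* function and variable names are assumptions, and the trap is installed only in interactive bash.

```bash
# Added example: de-duplicated variant of the log2syslog DEBUG trap.
# All audit_* names are illustrative, not from the original post.
AUDIT_LAST_HISTNUM=""

# Parse one line of `HISTTIMEFORMAT= history 1` output ("   42  ls -l").
# Sets AUDIT_NUM and AUDIT_CMD; returns 1 when there is no history number.
audit_parse_entry() {
    local line="$1"
    line=${line#"${line%%[! ]*}"}      # drop leading blanks
    AUDIT_NUM=${line%%[!0-9]*}         # leading digits = history number
    [ -n "$AUDIT_NUM" ] || return 1
    line=${line#"$AUDIT_NUM"}
    line=${line#\*}                    # "*" marks a modified entry
    AUDIT_CMD=${line#"${line%%[! ]*}"}
}

# Succeeds once per history number; later DEBUG events for the same
# command line (pipeline stages, PROMPT_COMMAND) are rejected.
audit_is_new() {
    [ "$1" != "$AUDIT_LAST_HISTNUM" ] || return 1
    AUDIT_LAST_HISTNUM=$1
}

# Same message layout as the original: "$SSH_CLIENT :$USER : command".
audit_format() {
    printf '%s :%s : %s' "${SSH_CLIENT:-}" "${USER:-}" "$1"
}

audit_debug_hook() {
    audit_parse_entry "$(HISTTIMEFORMAT= history 1)" || return 0
    audit_is_new "$AUDIT_NUM" || return 0
    # Quoted, so globs in the command are logged as typed, not expanded.
    logger -p local1.notice -t bash -i -- "$(audit_format "$AUDIT_CMD")"
}

# Install only in interactive bash; scripts and other shells are untouched.
case $- in
    *i*) [ -n "${BASH_VERSION:-}" ] && trap audit_debug_hook DEBUG ;;
esac
```

Because the check keys on the history number, a command line that bash does not store in history (for example under HISTCONTROL=ignorespace or ignoredups) produces no log entry.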
# Haha, even if the "bad guy" runs history -c, the record of his misdeeds will not be erased. As the saying goes, "if you don't want people to know, don't do it in the first place." Don't be a bad guy.
Author: linuxblind

