Linux: record every user's shell commands, including the source IP

1920 views · 0 comments · 2021-06-23 · 黑马王子
Category: System operations

vi init_history.sh

#!/bin/bash
# Run as root (e.g. sudo bash init_history.sh). The original prefixed single commands with
# sudo but left the redirections to the unprivileged shell, so those writes failed.
set -e
mkdir -p /var/log/usermonitor/
echo usermonitor >/var/log/usermonitor/usermonitor.log
chown nobody:nobody /var/log/usermonitor/usermonitor.log
chmod 002 /var/log/usermonitor/usermonitor.log   # write-only for "others"; only root reads it back
chattr +a /var/log/usermonitor/usermonitor.log   # append-only: >> works, truncation and rewrite do not
# A quoted heredoc writes the lines literally. The original "echo export PROMPT_COMMAND='...'"
# let the shell strip the single quotes, so the assignment landed in /etc/profile unquoted.
cat >>/etc/profile <<'EOF'

export HISTORY_FILE=/var/log/usermonitor/usermonitor.log
export PROMPT_COMMAND='{ date "+%y-%m-%d %T ##### $(who am i |awk "{print \$1\" \"\$2\" \"\$5}")  #### $(id|awk "{print \$1}") #### $(history 1 | { read x cmd; echo "$cmd"; })"; } >>$HISTORY_FILE'
EOF
source /etc/profile
cat /var/log/usermonitor/usermonitor.log

1. Create the directory that will hold the user audit log;
mkdir -p /var/log/usermonitor/

2. Create the user audit log file;
echo usermonitor >/var/log/usermonitor/usermonitor.log

3. Hand ownership of the log file to a least-privileged user;
chown nobody:nobody /var/log/usermonitor/usermonitor.log

4. Grant write permission on the log file to all other users (mode 002 is write-only for "others"; only root can read the file back);
chmod 002 /var/log/usermonitor/usermonitor.log

5. Set the append-only attribute, so that every user can only add to the file and nobody can truncate or rewrite it;
chattr +a /var/log/usermonitor/usermonitor.log

6. Edit /etc/profile and add any one of the following snippets;


Code 1:

# Variant 1: one log line per command. The user, tty and source address come from "who am i"
# (field 5 is the remote host in parentheses), the uid from "id", the command from "history 1".
export HISTORY_FILE=/var/log/usermonitor/usermonitor.log
export PROMPT_COMMAND='{ date "+%y-%m-%d %T ##### $(who am i |awk "{print \$1\" \"\$2\" \"\$5}")  #### $(id|awk "{print \$1}") #### $(history 1 | { read x cmd; echo "$cmd"; })"; } >>$HISTORY_FILE'

Code 2:

# Variant 2: hand each command to syslog (facility local1, level notice, tag "bash", with the
# logger PID via -i). logger writes to the syslog socket, not to stdout, so the ">>$HISTORY_FILE"
# redirect in the original appended nothing; route local1.notice to a file in rsyslog instead.
# HISTTIMEFORMAT makes "history 1" prefix the command with its own timestamp.
HISTTIMEFORMAT="%Y%m%d-%H%M%S: "
export HISTTIMEFORMAT
export HISTORY_FILE=/var/log/usermonitor/usermonitor.log
export PROMPT_COMMAND='{ command=$(history 1 | { read x y; echo "$y"; }); logger -p local1.notice -t bash -i "user=$USER,ppid=$PPID,from=$SSH_CLIENT,pwd=$PWD,command:$command"; }'

Code 3:

# Variant 3: like variant 1, but the source address is taken from $SSH_CLIENT ("ip clientport
# serverport"), the tty from $SSH_TTY and the working directory from $PWD; the SSH_* variables
# are empty for non-SSH logins. PROMPT_COMMAND only needs to be set in the login shell itself.
export HISTORY_FILE=/var/log/usermonitor/usermonitor.log
PROMPT_COMMAND='{ date "+%Y-%m-%d %T ##### USER:$USER IP:$SSH_CLIENT PS:$SSH_TTY ppid=$PPID pwd=$PWD  #### $(history 1 | { read x cmd; echo "$cmd"; })";} >>$HISTORY_FILE'

7. Make the configuration take effect
source /etc/profile

8. View the log (as root; mode 002 keeps other users from reading it)
cat /var/log/usermonitor/usermonitor.log
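The log that variant 1 writes can be read back with plain awk. The block below is an added example, not code from the original post: it parses the "date ##### who-am-i #### id #### command" layout of variant 1, counts commands per user and source IP, and lists entries whose command touches the audit hook or the log file itself. Because the hook runs inside each user's own bash, this log is an operational record rather than a tamper-proof audit trail, which is why such entries deserve a look (kernel-level auditing such as auditd is the right tool when integrity matters). The sample log lines are constructed, and the indicator list in flag_audit_tampering is an assumption to tune for your own hosts.

```shell
#!/bin/sh
# Added example, not part of the original post: read back a usermonitor.log written by
# variant 1 above and summarize it. Layout of one line, as produced by the hook:
#   <yy-mm-dd HH:MM:SS> ##### <user> <tty> (<ip>)  #### uid=<n>(<name>) #### <command>
# The first line is the "usermonitor" header written by the setup script and is skipped.

# Constructed sample data; the addresses are documentation ranges, not a real capture.
SAMPLE_LOG='usermonitor
21-06-23 10:15:02 ##### alice pts/0 (192.0.2.10)  #### uid=1001(alice) #### ls -l /etc
21-06-23 10:15:09 ##### alice pts/0 (192.0.2.10)  #### uid=1001(alice) #### echo done # not a delimiter
21-06-23 10:16:30 ##### bob pts/1 (198.51.100.7)  #### uid=1002(bob) #### sudo systemctl restart nginx
21-06-23 10:17:01 ##### bob pts/1 (198.51.100.7)  #### uid=1002(bob) #### history -c
21-06-23 10:18:45 ##### alice pts/2 (203.0.113.5)  #### uid=1001(alice) #### lsattr /var/log/usermonitor/usermonitor.log'

# awk helper shared by the functions below. It consumes exactly three delimiters, so a
# '#' inside the command text (a shell comment, "####" in a string) is kept intact.
AWK_SPLIT='
function split_line(line, f,   p) {
    p = index(line, " ##### "); f[1] = substr(line, 1, p - 1); line = substr(line, p + 7)
    p = index(line, " #### ");  f[2] = substr(line, 1, p - 1); line = substr(line, p + 6)
    p = index(line, " #### ");  f[3] = substr(line, 1, p - 1); f[4] = substr(line, p + 6)
    sub(/ +$/, "", f[2])                      # the "who am i" part keeps a trailing blank
}'

# stdin: log lines; stdout: "timestamp user: command", one line per entry
list_commands() {
    awk "$AWK_SPLIT"'
    index($0, " ##### ") { split_line($0, f); split(f[2], w, " "); print f[1] " " w[1] ": " f[4] }'
}

# stdin: log lines; stdout: "user ip count", sorted, one line per user/source-IP pair
summarize_by_user_ip() {
    awk "$AWK_SPLIT"'
    index($0, " ##### ") {
        split_line($0, f)
        split(f[2], w, " "); ip = w[3]; gsub(/[()]/, "", ip)   # w[3] is "(ip)" from who am i
        count[w[1] " " ip]++
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# stdin: log lines; stdout: entries whose command touches the audit hook or its log file.
# The indicator list is a constructed starting point, not part of the original post.
flag_audit_tampering() {
    awk "$AWK_SPLIT"'
    index($0, " ##### ") {
        split_line($0, f)
        if (f[4] ~ /PROMPT_COMMAND|HISTORY_FILE|chattr|history -c|usermonitor\.log/) print
    }'
}

# Stand-alone run on the sample. Against the real file run as root (mode 002 keeps other
# users from reading it):  summarize_by_user_ip < /var/log/usermonitor/usermonitor.log
printf '%s\n' "$SAMPLE_LOG" | list_commands
printf '%s\n' "$SAMPLE_LOG" | summarize_by_user_ip
printf '%s\n' "$SAMPLE_LOG" | flag_audit_tampering
```

The parser deliberately splits on the first three delimiters only, rather than on every run of "#", so commands that contain comments or hash signs are reported verbatim; the per-user/IP summary is the quickest way to spot a known account appearing from an unfamiliar address.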
————————————————
Copyright notice: this article is an original post by CSDN blogger 「热心市民刘先生?」, licensed under CC 4.0 BY-SA; when reposting, include a link to the original and this notice.
Original link: https://blog.csdn.net/qq_29163733/article/details/117436770