登录用户操作命令记录
#############
#用户操作审计
#############
脚本路径:/opt/bin/rtrace.sh
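# One-time setup, run as root: create the script directory and the session-log
# directory. -p keeps mkdir from failing when a directory already exists.
mkdir -p /opt/slogs /opt/bin
chmod -R 755 /opt/bin

# Every audited user must be able to create a log file here, so the directory
# is world-writable. The sticky bit stops users from removing or renaming each
# other's files even where the append-only attribute below is not supported.
chmod 1777 /opt/slogs

# Pre-create the shared login index. rtrace.sh runs with umask 277, so if the
# first user to log in created this file it would get mode 0400 and every later
# append by a non-root user would fail. Mode 622 lets all users write to it,
# and +a restricts those writes to appends.
touch /opt/slogs/loginfo.trc
chmod 622 /opt/slogs/loginfo.trc
chattr +a /opt/slogs/loginfo.trc

# Append-only on the directory: entries can be added but not unlinked or
# renamed. This does not protect the contents of the per-session logs, which
# are owned by the audited user; for tamper-resistant records, ship the logs
# off-host or pair this with kernel-level auditing (e.g. auditd).
chattr +a /opt/slogs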
##############################
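#!/bin/bash
# /opt/bin/rtrace.sh
#
# Login wrapper that records an interactive session with script(1).
# It appends one line per login to ${LOGDIR}/loginfo.trc, prints a notice to
# the user, then replaces itself with `script`, which writes the terminal
# session to a per-login file under ${LOGDIR}.
#
# NOTE(review): the per-session log is created by, and owned by, the audited
# user, so this is convenience logging rather than a tamper-resistant audit
# trail. Forward the logs off-host or back this with kernel-level auditing if
# the records must be trusted.

# Files created from here on get mode 0400 (directories 0500).
umask 277
LOGDIR=/opt/slogs

# Create the log directory only if setup did not; -m 500 leaves it without
# write permission, so logging into a directory created here will fail for
# non-root users. The directory is expected to exist already.
[ ! -d "${LOGDIR}" ] && /bin/mkdir -p -m 500 "${LOGDIR}"

# Only succeeds for files the current user owns; errors for other users' logs
# are expected and deliberately discarded.
# NOTE(review): this gives the user write access to their own earlier logs.
chmod 600 "${LOGDIR}"/*.log 2>/dev/null

# Optional rotation, left disabled as in the original:
#find ${LOGDIR} -name \*.log -ctime +30 -exec gzip {} \;

# `who am i` prints: user tty date time [(origin)]. The column that holds the
# origin depends on the date format, so pick the field that starts with "("
# instead of a fixed position. Fields are joined with "!" for the read below.
whoistr=$(/usr/bin/who am i | awk '{
  from = ""
  for (i = 3; i <= NF; i++) if ($i ~ /^\(/) from = $i
  print $2 "!" from "!" $1
}')
IFS='!' read -r U_TTY LOGFROM LOGUSER <<<"${whoistr}"

# who prints nothing when the session has no utmp entry; fall back to whoami.
[ -z "${LOGUSER}" ] && LOGUSER=$(/usr/bin/whoami)

# One line per login: timestamp, user, basename of $HOME, origin (if known).
# NOTE(review): with umask 277 a file created here gets mode 0400, so unless
# loginfo.trc was pre-created with append access for all users, later appends
# by non-root users fail with "Permission denied".
printf '%s :%s -> %s:%s\n' \
  "$(date +%Y%m%d%H%M%S)" \
  "${LOGUSER}" \
  "$(/bin/basename -- "${HOME}")" \
  "${LOGFROM:+ ${LOGFROM}}" >>"${LOGDIR}/loginfo.trc"

echo "***************************************************************"
echo "* Attention: Auditing process will report your every action ! "
echo "* warning: Don't delete any files in directory ${LOGDIR} ! ! "
echo "***************************************************************"

# NOTE(review): when no tty is reported the script simply ends. If it was
# started with exec from /etc/profile, the login session ends with it.
if [[ -n "${U_TTY}" ]]; then
  # pts/0 -> pts-0 so the tty name can be used inside a file name.
  UTTY=${U_TTY/\//-}
  LOG="${LOGDIR}/$(date +%F_%T)${UTTY}${LOGUSER}.log"
  if [ -d "${LOGDIR}" ]; then
    # Replace this process with script(1); the recorded shell runs under it.
    exec script "${LOG}"
  else
    # Fail open: without a log directory the user gets an unrecorded shell
    # rather than being locked out. Alert on this path if that matters.
    /bin/bash
  fi
fi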
###############################
在/etc/profile 加上
# Hand the login shell over to the audit wrapper when it is installed and
# executable. /etc/profile is read by login shells only, so sessions that never
# source it are not recorded. exec replaces the login shell: nothing placed
# after this line runs once the wrapper starts, and the session ends when the
# wrapper exits.
test -x /opt/bin/rtrace.sh && exec /opt/bin/rtrace.sh
适用于全部用户包括root