linux系统记录用户操作命令

原创

陌欲浮世 2023-04-19 16:20:32 ©著作权

文章标签 linux 文章分类 运维

©著作权归作者所有：来自51CTO博客作者陌欲浮世的原创作品，请联系作者获取转载授权，否则将追究法律责任

#审计用户

    
mkdir -m 777 -p /tmp/log 2>&-

declare -r HISTTIMEFORMAT='%F %T ### '

declare -r HISTCONTROL=''

RSSHTTY=$(who am i |awk '{print $2}')

if [ "$SSH_CONNECTION" ];then  
   RSSH_CLIENTIP=$(echo $SSH_CONNECTION |awk '{ print $1}')  
   RSSH_HOSTIP=$(echo $SSH_CONNECTION |awk '{ print $3}')  
else  
   RSSH_CLIENTIP=$(who am i|awk '{print $5}' |sed 's/[()]//g')  
   RSSH_HOSTIP=$(ip addr | grep inet| grep -v 127.0.0.1 | grep -v inet6 |grep -v virbr| head -n 1 | awk -F/ '{print $1}' |  awk '{print $2}')

fi

RCMDLOG_FILE="/tmp/log/cmdlog.$(date +%F)"

[ -f $RCMDLOG_FILE -a -s $RCMDLOG_FILE ] || install -m 777 /dev/null $RCMDLOG_FILE 2>&-

RLOGIN_TIMESTAMP=`date +%s`


rsprompt_command() {

   RHISTCMD_PREV=$(history 1);RACTIONDATE=$(history 1|awk '{print $2" "$3}');RACTIONTIME=$(date -d "$RACTIONDATE" +%s)

   if [ "$RHISTCMD_BEFORE_LAST" != "$RHISTCMD_PREV" ] && [ "$RACTIONTIME" -ge "$RLOGIN_TIMESTAMP" ]; then  
      { date "+%F %T ### ${HOSTNAME} ### ${USER} ### ${RSSHTTY} ### ${RSSH_CLIENTIP} ### ${RSSH_HOSTIP} ### ${SSH_CONNECTION} ### ${PWD} ### $(history 1|awk "{\$1=\"\";print}")"; } 2>&- >> $RCMDLOG_FILE

   fi

   RHISTCMD_BEFORE_LAST=$RHISTCMD_PREV

}

declare -r PROMPT_COMMAND='rsprompt_command'

将以上内容写入

vim /etc/profile

source /etc/profile