Adding audit logging of system user operations on CentOS
阿新 • Published: 2018-06-03
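Sometimes we need to keep a history of the operations performed by users on production systems, so that the responsible person can be identified when a problem occurs. However, users have permission to delete the history kept by the Linux built-in history command themselves. How can we set things up so that users' operations are recorded in real time, and ensure that ordinary users have no permission to delete the records?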
1. Create the directory where the log of system users' shell command-line operations is stored
mkdir -p /var/log/userlogin/records/
chmod 777 /var/log/userlogin/records/
chmod +t /var/log/userlogin/records/
2. Run vim /etc/profile and append the following code at the end
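# Create the per-user log directory on first login (write + search only, no listing)
if [ ! -d "/var/log/userlogin/records/${LOGNAME}" ]
then
    mkdir -p "/var/log/userlogin/records/${LOGNAME}"
    chmod 300 "/var/log/userlogin/records/${LOGNAME}"
fi
export HISTORY_FILE="/var/log/userlogin/records/${LOGNAME}/bash_history"
# Before each prompt, append: timestamp, login user / tty / remote host, last command
export PROMPT_COMMAND='{ date "+%Y-%m-%d %T ##### $(who am i |awk "{print \$1\" \"\$2\" \"\$5}") #### $(history 1 | { read x cmd; echo "$cmd"; })"; } >>$HISTORY_FILE'

After saving the file, reload it in the current shell (run this at the prompt; do not put it inside /etc/profile):
source /etc/profile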
3. Test and verify
[root@master01 local]# source /etc/profile
[root@master01 local]# cd /var/log/userlogin/records/
[root@master01 records]# ls
root
[root@master01 records]# cd root/
[root@master01 root]# ls
bash_history
[root@master01 root]# cat bash_history
2018-06-04 03:41:30 ##### root pts/0 (10.0.0.1) #### source /etc/profile
2018-06-04 03:41:40 ##### root pts/0 (10.0.0.1) #### cd /var/log/userlogin/records/
2018-06-04 03:41:41 ##### root pts/0 (10.0.0.1) #### ls
2018-06-04 03:41:43 ##### root pts/0 (10.0.0.1) #### cd root/
2018-06-04 03:41:43 ##### root pts/0 (10.0.0.1) #### ls
[root@master01 root]# su - postgres
[postgres@master01 ~]$ echo 12345 >>test001
[postgres@master01 ~]$ ls
pg_dump.sh test001
[postgres@master01 ~]$ cat test001
12345
[postgres@master01 ~]$ logout
[root@master01 root]# pwd
/var/log/userlogin/records/root
[root@master01 records]# ls
postgres root
[root@master01 records]# cd postgres/
[root@master01 postgres]# ls
bash_history
[root@master01 postgres]# cat bash_history
2018-06-04 03:42:17 ##### root pts/0 (10.0.0.1) #### cd ..
2018-06-04 03:42:18 ##### root pts/0 (10.0.0.1) #### ls
2018-06-04 03:42:29 ##### root pts/0 (10.0.0.1) #### echo 12345 >>test001
2018-06-04 03:42:31 ##### root pts/0 (10.0.0.1) #### ls
2018-06-04 03:42:36 ##### root pts/0 (10.0.0.1) #### cat test001
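In the verification above, the entries in the postgres log still carry root as the login user after su - postgres, because who am i reports the original login. The following added example (not part of the original article) uses that to list which login users ran commands under other accounts. The function names and sample lines are constructed for illustration, and reading the real logs requires root because the per-user directories are mode 300.

```shell
#!/usr/bin/env bash
# Added example: report commands typed under an account by a different login user.
# Log line format written by the PROMPT_COMMAND hook:
#   DATE TIME ##### LOGIN_USER TTY (REMOTE_IP) #### COMMAND

# Print "login_user account count" for each log that contains entries whose
# login user differs from the account owning the log directory.
report_su_activity() {
    local records_dir=$1 dir account
    for dir in "$records_dir"/*/; do
        [ -f "${dir}bash_history" ] || continue
        account=$(basename "$dir")
        awk -v account="$account" '
            $3 == "#####" {
                # "who am i" prints nothing without a tty, so field 4 is "####"
                login = ($4 == "####") ? "unknown" : $4
                if (login != account) count[login]++
            }
            END { for (u in count) print u, account, count[u] }
        ' "${dir}bash_history"
    done | sort
}

# Build a constructed sample tree with the same layout as
# /var/log/userlogin/records/ (sample lines are made up for this example).
make_sample_records() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/root" "$d/postgres"
    cat >"$d/root/bash_history" <<'EOF'
2018-06-04 03:41:41 ##### root pts/0 (10.0.0.1) #### ls
EOF
    cat >"$d/postgres/bash_history" <<'EOF'
2018-06-04 03:42:29 ##### root pts/0 (10.0.0.1) #### echo 12345 >>test001
2018-06-04 03:42:31 ##### root pts/0 (10.0.0.1) #### ls
2018-06-04 03:50:02 ##### alice pts/1 (10.0.0.7) #### psql
2018-06-04 03:55:00 #####    #### id
EOF
    echo "$d"
}

sample=$(make_sample_records)
report_su_activity "$sample"
rm -rf "$sample"
```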