通过登入IP记录Linux所有用户登录所操作的日志(转载)

             通过登入IP记录Linux所有用户登录所操作的日志(转载)

 转载于：https://blog.youkuaiyun.com/b108074013/article/details/48165981

1.首先在/etc/profile.d/文件夹下面添加如下脚本

[root@lw ~]#  vim /etc/profile.d/user_all_history.sh
# History
USER=`whoami`
USER_IP=`who -u am i 2>/dev/null| awk '{print $NF}'|sed -e 's/[()]//g'`

if [ "$USER_IP" = "" ]; then
USER_IP=`hostname`
fi

if [ ! -d /usr/local/history ]; then
mkdir /usr/local/history
chmod 777 /usr/local/history
fi

if [ ! -d /usr/local/history/${LOGNAME} ]; then
mkdir /usr/local/history/${LOGNAME}
chmod 300 /usr/local/history/${LOGNAME}
fi

export HISTSIZE=10000
DT=`date +"%Y-%m-%d_%H:%M:%S"`

export HISTFILE="/usr/local/history/${LOGNAME}/${USER}@${USER_IP}_history.$DT"
chmod 600 /usr/local/history/${LOGNAME}/*history* 2>/dev/null

2. 使脚本生效

[root@lw ~]# source /etc/profile.d/user_all_history.sh

3.退出系统再重新登录，在/usr/local/history/目录下才有记录

[root@lw ~]# cd  /usr/local/history/root/

[root@lw root]# ll
总用量 28
-rw------- 1 root root 262 10月 16 22:00 root@125.111.67.12_history.2019-10-16_22:00:27
-rw------- 1 root root 130 10月 16 22:02 root@125.111.67.12_history.2019-10-16_22:00:47
-rw------- 1 root root 138 10月 16 22:04 root@125.222.67.12_history.2019-10-16_22:02:18
-rw------- 1 root root  98 10月 16 22:05 root@125.234.67.12_history.2019-10-16_22:04:59
-rw------- 1 root root  85 10月 15 16:53 root@223.1.145.1_history.2019-10-15_16:53:41
-rw------- 1 root root  95 10月 15 19:06 root@223.104.14.137_history.2019-10-15_16:53:49
-rw------- 1 root root 212 10月 15 19:05 root@lw_history.2019-10-15_16:48:38

[root@lw root]# cat root@lw_history.2019-10-15_16:48:38
vim /etc/profile.d/user_all_history.sh
source /etc/profile.d/user_all_history.sh
chmod 400 /etc/profile.d/user_all_history.sh
cd /etc/profile.d/
ll
chmod  644  user_all_history.sh
ll
source user_all_history.sh

4.如果想只有root可见可以如下设置

[root@lw ~]# chmod 400 /etc/profile.d/user_all_history.sh