导语
作为Linux管理员,在出现问题的时候,有时候想反查过去某段时间内 那个用户在什么时间执行过什么命令。这个时候就需要用到Linux下面的history功能
说明
作为管理员,希望能将所有的history记录保存自己方便控制的运维主机上面方便同意管理和查阅,不同主机的记录按主机ip分目录存放 管理员可以查阅所有的,但是普通用户只允许创建查阅属于自己的history记录我呢见
脚本
#!/usr/bin/env bash currentip=$(/usr/sbin/ifconfig |grep ‘inet ‘ |grep -v ‘127.0.0.1‘ |awk ‘{print $2}‘) historyPath="/devOps/backup/history/"## 不同主机的记录按IP创建不同的目录存放if [ ! -d ${historyPath}${currentip} ] then mkdir -p ${historyPath}${currentip} chmod -R 777 ${historyPath}${currentip} chmod a+t ${historyPath}${currentip}fi## history setting ## 区分管理root和普通用户,普通用户只读if [ $UID -ge 500 ]then readonly HISTFILE=${historyPath}${currentip}/$USER-$UID.log readonly HISTFILESIZE=50000 readonly HISTSIZE=10000 readonly HISTTIMEFORMAT="%F %T `who am i |awk ‘{print $1}‘` `whoami` " readonly HISTCONTROL=ignoredups shopt -s histappend readonly PROMPT_COMMAND="history -a"else HISTFILE=${historyPath}${currentip}/$USER-$UID.log HISTFILESIZE=50000 HISTSIZE=10000 HISTTIMEFORMAT="%F %T `who am i |awk ‘{print $1}‘` `whoami` " HISTCONTROL=ignoredups shopt -s histappend PROMPT_COMMAND="history -a"fi
实际效果
1588 2016-09-12 11:23:09 root root tail -f /usr/local/tomcat/logs/dataLog/define.log |grep MasterBGirlSayHiBoy 1589 2016-09-12 11:38:00 root root cat /usr/local/tomcat/logs/dataLog/define.log |grep sendTopicMsg 1590 2016-09-12 11:39:22 root root cat /usr/local/tomcat/logs/dataLog/define.log |grep sendTopicMsg |grep ‘"billing":"2"‘ 1591 2016-09-12 11:39:26 root root cat /usr/local/tomcat/logs/dataLog/define.log |grep sendTopicMsg |grep ‘"billing":"5"‘ 1592 2016-09-12 11:59:27 root root cat /etc/profile.d/history.sh
附加知识点
who am i && whoami
原文地址:https://www.cnblogs.com/opensmarty/p/11347720.html
时间: 2024-10-09 07:59:12