實時監控Linux服務器用戶操做命令

在/etc/profile 追加

export HISTORY_FILE=/var/log/history/userhistory.log
readonly PROMPT_COMMAND='{ date "+%y-%m-%d %T ##### $(who am i |awk "{print \$1\" \"\$2\" \"\$NF}")  #### $(id|awk "{print \$1}") #### $(history 1 | { read x cmd; echo "$cmd";})"; } >>$HISTORY_FILE'

重讀 source  /etc/profile便可生效.

     mkdir  -p  /var/log/history/

     touch   /var/log/history/userhistory.log

在/etc/logrotate.d/新增配置文件 userhistory

/etc/loratate.d/userhistory 內容以下

/var/log/history/userhistory.log {
        weekly
        notifempty
        prerotate
        /usr/bin/chattr -a /var/log/history/userhistory.log
        endscript
        postrotate
        /bin/chmod 002 /var/log/history/userhistory.log
        /usr/bin/chattr +a /var/log/history/userhistory.log
        endscript
}