建立一个 Command_history.sh
touch /var/log/Command_history.sh
内容如下
#!/bin/sh
touch /var/log/Command_history.log
chown nobody.nobody /var/log/Command_history.log
chmod 002 /var/log/Command_history.log
chattr +a /var/log/Command_history.log
export HISTORY_FILE=/var/log/Command_history.log
export PROMPT_COMMAND='{ date "+%Y-%m-%d %T ##### USER:$USER IP:$SSH_CLIENT PS:$SSH_TTY ppid=$PPID pwd=$PWD #### $(history 1 | { read x cmd; echo "$cmd"; })";} >>$HISTORY_FILE'
source /etc/profile
通过命令
. Command_history.sh
之后就会在 /var/log/. Command_history.log 文件中记录 ssh 用户连接 的详细内容 和 用户都做了什么操作
通过命令查看
vim /var/log/Command_history.log
内容如下