linux 用户登录系统后操作记录脚本,虽然我们可以查阅日志或者history来获取相关信息。

这里我介绍一种比较直观方便的方法也能达到预期的效果,如有不足之处,望大侠们给予建议。


# vi /etc/profile.d/accountlog.sh


historyLog(){

 logDir=/opt/accountlog

dateStamp=`date +"[%F %T]"`

dateDir="`date +%Y`/`date +%m`/`date +%d`"

curHistory=`history 1`

user=`/usr/bin/whoami`

realUserInfor=`/usr/bin/who -u am i|awk '{print $1,$2,$3"~"$4,$7}'`

if [ ! -e $logDir ];then

mkdir -p $logDir

chmod 777 $logDir

fi

logDateDir=$logDir/$dateDir

if [ ! -e $logDateDir ];then

mkdir -p $logDateDir

chmod -R 777 $logDir 2>/dev/null

fi

accountLogDir=$logDateDir/${user:=`hostname`}

if [ ! -e $accountLogDir ];then

mkdir -p $accountLogDir

#chmod 777 $accountLogDir

fi

accountLogName=${user:=`hostname`}.his

accountLog=$accountLogDir/$accountLogName

if [ ! -e "$accountLog" ];then

touch $accountLog

#chmod 777 $accountLog

fi

echo "$realUserInfor $dateStamp =>$curHistory" >>$accountLog

}

export PROMPT_COMMAND=historyLog

#chmod +x /etc/profile.d/accountlog.sh

以后每个用户登录的操作都会在/opt/accountlog记录。