監控端
工具 ansible
計劃任務
*/10 * * * * /dev/shm/history_log.sh
構建腳本
vim /dev/shm/history_log.sh
#!/bin/bash
function history_log(){
local time
time=`date -d "-10 min" "+%F %H:%M"`
tim=${time%[0-9]}
remote_ab -h test -c "tail -300 /tmp/all_history"|grep "$tim" >> /tmp/All_history
}
history_log
which remote_ab
alias remote_ab='/dev/shm/remote_ansi'
/dev/shm/remote_ansi
vim /dev/shm/remote_ansi
#!/bin/bash
while getopts "h:c:" opt
do
case $opt in
h)
host=$OPTARG
;;
c)
command=$OPTARG
;;
*)
echo "please click --help "
;;
esac
done
if [ "x$host" != "xtest" -a "x$host" != "xonline" ]
then
echo "make a choise in [ test|online ]"
exit
fi
remote_ansi -i /home/ec2-user/remote_ansi/hosts $host -a "$command"
remote_ab //ansible安裝完後,重命名ansible,然後創建軟鏈接
mv /usr/bin_ansible /usr/bin/remote_ansi
客戶端
# echo "export HISTTIMEFORMAT='[ %F %T ] ' " >> /etc/profile
然後修改/etc/skel/.bash_logout
# ~/.bash_logout
history|awk '{$1=""}1' > /tmp/history_`whoami`
sed -i "s/^/`hostname` `whoami`/g" /tmp/history_`whoami`
cat /tmp/history_`whoami` >> /tmp/all_history
history -c
> ~/.bash_history
這個腳本可以讓新建端用戶實現蒐集日誌端功能,要向讓當前存在端用戶也可以被蒐集日誌,就需要修改存在用戶端加目錄下端
.bash_logout文件
內容與上相同,注意, /tmp/all_history 文件權限須爲777
這樣做完後,就可以監控服務器上所有用戶端操作歷史了。