Configuring the Linux history command to show the time, user and login IP of each command, and recording it to the system log

艺帆风顺, published 2025-04-03


1. Showing the time, user and login IP in history output

① Add the following configuration to /etc/bashrc, /etc/profile, ~/.bashrc or ~/.bash_profile:

$ vim /etc/bashrc   # open this file and append the following block at the end
HISTFILESIZE=4000   # the default is to keep 1000 commands; raised to 4000 here
HISTSIZE=4000
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')   # IP of the login client
if [ -z "$USER_IP" ]
then
    USER_IP=$(hostname)   # no remote address (local login): use the host name
fi
HISTTIMEFORMAT="%F %T $USER_IP:$(whoami) "   # new display format for history
export HISTTIMEFORMAT

② Load the configuration

$ source /etc/bashrc

③ The final result looks like this:

 $ history | head -n 10
1 2022-04-27 02:45:52 10.*.*.11:root hostnamectl set-hostname NetworkAutoCheck
2 2022-04-27 02:45:52 10.*.*.11:root hostanme
3 2022-04-27 02:45:52 10.*.*.11:root hostname
4 2022-04-27 02:45:52 10.*.*.11:root python -v
5 2022-04-27 02:45:52 10.*.*.11:root yum install wget
6 2022-04-27 02:45:52 10.*.*.11:root cd /usr/local/
7 2022-04-27 02:45:52 10.*.*.11:root ls
8 2022-04-27 02:45:52 10.*.*.11:root mkdir -p /NetAutoCheck/nornir/inventory
9 2022-04-27 02:45:52 10.*.*.11:root ls
10 2022-04-27 02:45:52 10.*.*.11:root rm -rf /NetAutoCheck/nornir/inventory
$

2. Recording history to log files

# export HISTTIMEFORMAT="%F %T $USER_IP:`whoami` "
# export HISTTIMEFORMAT="[%F %T][`whoami`][${USER_IP}] "
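USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
export HISTTIMEFORMAT="%F %T $USER_IP:$(whoami) "

# history
LOGIP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')   # IP of the login client
LOG_DIR=/var/log/history
if [ -z "$LOGIP" ]
then
    LOGIP=$(hostname)   # no remote address (local login): use the host name
fi
if [ ! -d "$LOG_DIR" ]
then
    mkdir -p "$LOG_DIR"
    chmod 777 "$LOG_DIR"   # world-writable so that every user can create a subdirectory
fi
if [ ! -d "$LOG_DIR/${LOGNAME}" ]
then
    mkdir -p "$LOG_DIR/${LOGNAME}"
    chmod 777 "$LOG_DIR/${LOGNAME}"   # note: mode 777 lets any local user read, alter or delete this log
fi
export HISTSIZE=4096
LOGTM=$(date +"%Y%m%d_%H%M%S")   # session start time, used in the file name
export HISTFILE="$LOG_DIR/${LOGNAME}/${LOGIP}-${LOGTM}.txt"   # one history file per login session
chmod 777 "$LOG_DIR/${LOGNAME}"/*-* 2>/dev/null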

Run source to apply the changes:

source /etc/bashrc, source /etc/profile, source ~/.bashrc or source ~/.bash_profile
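
The configuration above sets mode 777 on the log directory, on each user's subdirectory and on every history file, so any local account can read, edit or delete another user's history. A variant without world-writable modes follows as an added example that is not part of the original article. The function names are hypothetical, the origin value is sanitized before it becomes a file name, and `id -un` replaces `$LOGNAME` as an assumption of this example.

```bash
#!/bin/bash
# Added example, not from the original article; function names are hypothetical.

# `who` can report values such as ":0" or "tmux(1234).%0" instead of an IP,
# so keep only characters that are safe inside a file name.
sanitize_origin() {
    local cleaned
    cleaned=$(printf '%s' "$1" | tr -c 'A-Za-z0-9._:-' '_')
    [ -n "$cleaned" ] || cleaned=local
    printf '%s\n' "$cleaned"
}

# Print the HISTFILE path for one session, creating directories as needed.
# $1 = base directory, $2 = user name, $3 = login origin (IP or host name)
history_file_for() {
    local base="$1" user="$2" origin file
    origin=$(sanitize_origin "$3")
    if [ ! -d "$base" ]; then
        mkdir -p "$base" || return 1
        chmod 1777 "$base"   # sticky bit, as on /tmp: no deleting other users' entries
    fi
    [ -d "$base/$user" ] || mkdir "$base/$user" || return 1
    [ -O "$base/$user" ] || return 1          # refuse a directory owned by someone else
    chmod 700 "$base/$user" || return 1       # only the owner (and root) can enter
    file="$base/$user/$origin-$(date +%Y%m%d_%H%M%S).txt"
    ( umask 077; : >> "$file" ) || return 1   # a new file is created with mode 600
    printf '%s\n' "$file"
}

# What /etc/bashrc would call in place of the chmod 777 block.
enable_history_log() {
    local origin
    origin=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')
    [ -n "$origin" ] || origin=$(hostname)
    # id -un instead of $LOGNAME: the environment variable is user-controlled
    HISTFILE=$(history_file_for /var/log/history "$(id -un)" "$origin") || return 1
    export HISTSIZE=4096 HISTFILE
}

# Demo in a scratch directory with a constructed origin value.
demo_dir=$(mktemp -d)
demo_file=$(history_file_for "$demo_dir/history" "$(id -un)" 10.0.0.5)
ls -ld "$demo_dir/history" "$demo_dir/history"/* "$demo_file"
rm -rf "$demo_dir"
```

The files remain owned by the user who generated them, so this keeps other accounts out but does not stop a user from editing their own history.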


# Markdown code blocks and syntax highlighting: indented multi-line code
[root@ross root]# pwd
/var/log/history/root
$ ls -lh
total 4.0K
-rwxrwxrwx. 1 root root 366 Apr 27 03:37 20220427_033316.txt
$ cat 20220427_033316.txt
#1651044999
vim /etc/bashrc
#1651045054
ls
#1651045062
source /etc/bashrc
[root@ross root]# python3
Python 3.9.11 (main, Apr 24 2022, 04:10:27)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import time
>>> time.ctime(1651044999)
'Wed Apr 27 03:36:39 2022'
>>> time.ctime(1651045054)
'Wed Apr 27 03:37:34 2022'
>>> time.ctime(1651045062)
'Wed Apr 27 03:37:42 2022'
>>> exit()
[root@ross root]#
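
The log file stores each entry as a `#<epoch seconds>` line followed by the command, which the session above decodes by hand with time.ctime. The following added example (not part of the original article) converts a whole file in one pass; the function name history_timeline is hypothetical and GNU date is assumed.

```bash
#!/bin/bash
# Added example, not from the original article; history_timeline is a
# hypothetical name. Needs a date(1) that accepts "-d @EPOCH" (GNU coreutils).

# Print each command of a timestamped HISTFILE as "UTC time<TAB>command".
history_timeline() {
    local line ts="" when
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '#'|'#'*[!0-9]*) ;;                # "#" plus non-digits: command text
            '#'*) ts=${line#?}; continue ;;    # "#<digits>": marker for the next entry
        esac
        if [ -n "$ts" ]; then
            when=$(date -u -d "@$ts" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null) || when="invalid:$ts"
        else
            when="-"    # entry written before HISTTIMEFORMAT was set
        fi
        # Continuation lines of a multi-line command keep the entry's time.
        printf '%s\t%s\n' "$when" "$line"
    done < "$1"
}

# Demo: the three entries from the log file shown above.
sample=$(mktemp)
printf '%s\n' '#1651044999' 'vim /etc/bashrc' '#1651045054' 'ls' \
    '#1651045062' 'source /etc/bashrc' > "$sample"
history_timeline "$sample"
rm -f "$sample"
```

For `#1651044999` it prints 2022-04-27T07:36:39Z, the same instant that time.ctime shows as 03:36:39 in the server's local time zone.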


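To insert inline code in Markdown, that is, a single word or one statement, use the form `code`.

  • In ordinary paragraph text, use the backtick ` to mark or insert a code span.

To insert multi-line code in Markdown, either wrap the lines in three backticks (```) or use indentation.

  • Put three backticks ``` (the ~ key) on the line before and the line after the code block to be highlighted,
    and give the language of the code block after the opening backticks to get syntax highlighting.

  • Indented multi-line code
    Note:
    there must be a blank line before the indented block;
    indent by 4 spaces or 1 tab;
    a code block continues until the first line that is not indented (or the end of the file).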

3. HISTSIZE vs. HISTFILESIZE

HISTSIZE: the number of lines the history command displays

[root@ross ~]# history
1 2022-05-04 22:33:05 10.147.112.11:root cat .bash_history
2 2022-05-04 22:33:15 10.147.112.11:root history
3 2022-05-04 22:33:38 10.147.112.11:root vim /etc/bashrc
4 2022-05-04 22:33:54 10.147.112.11:root source /etc/bashrc
5 2022-05-04 22:33:56 10.147.112.11:root history
6 2022-05-04 22:34:04 10.147.112.11:root vim /etc/bashrc
7 2022-05-04 22:35:15 10.147.112.11:root source /etc/bashrc
8 2022-05-04 22:35:19 10.147.112.11:root history
9 2022-05-04 22:36:15 10.147.112.11:root uname
10 2022-05-04 22:36:19 10.147.112.11:root cat /etc/redhat-release
11 2022-05-04 22:36:23 10.147.112.11:root history
[root@ross ~]#
[root@ross ~]# export HISTSIZE="5"
[root@ross ~]# history
8 2022-05-04 22:36:15 10.147.112.11:root uname
9 2022-05-04 22:36:19 10.147.112.11:root cat /etc/redhat-release
10 2022-05-04 22:36:23 10.147.112.11:root history
11 2022-05-04 22:36:32 10.147.112.11:root export HISTSIZE="5"
12 2022-05-04 22:36:35 10.147.112.11:root history
[root@ross ~]#

HISTFILESIZE: the maximum number of lines that the .bash_history file can hold

[root@ross ~]# cat .bash_history | wc -l
1051
[root@ross ~]#
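
Copyright notice: this article comes from Jianshu (简书), author RossRachel, and follows the CC 4.0 BY-SA license, with the original link and this notice attached. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 2.5 China Mainland license. Original link: https://www.jianshu.com/p/2c52eaa0b727. If there is any infringement, please get in touch and it will be removed immediately. Special thanks to the original author for the work. All rights to this article belong to the original author and are unrelated to this official account; for commercial reprints please contact the original author, and for non-commercial reprints please credit the source.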