文章目錄
- 1.使用history指令
- 2.自定義格式化history
1.使用history指令
history如下所示:
歷史記錄存儲在 ~/.bash_history 檔案中
[root@server ~]# history | head -20
1 passwd root
2 crontab -l
3 crontab -e
4 sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
5 setenforce 0
6 getenforce 0
7 setenforce 0
8 getenforce 0
9 rpm -Uvh https://mirrors.aliyun.com/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
10 rpm -e zabbix-release-5.3-1.el8.noarch
11 rpm -Uvh https://mirrors.aliyun.com/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
12 sed -i 's#http://repo.zabbix.com#https://mirrors.aliyun.com/zabbix#' /etc/yum.repos.d/zabbix.repo
13 yum clean all && yum makecache
14 yum install zabbix-agent2 -y
15 systemctl enable --now zabbix-agent2.service
16 netstat -lntp |grep zabbix
17 vim /etc/zabbix/zabbix_agent2.conf
18 mv /etc/zabbix/zabbix_agent2.conf /etc/zabbix/zabbix_agent2.conf.bak
19 vim /etc/zabbix/zabbix_agent2.conf
20
正常來說,history只展示操作記錄,沒有确切的時間。我們可以在/etc/bashrc檔案中加入下列代碼來顯示時間:
[root@server ~]# cat /etc/bashrc |tail -5
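# History: keep 2000 entries and prefix each with a timestamp (a convenience, not an audit log; users can override it).
HISTFILESIZE=2000                    # maximum number of lines kept in the history file
HISTSIZE=2000                        # maximum number of commands kept in memory per shell
HISTTIMEFORMAT="%Y%m%d-%H:%M:%S: "   # strftime format printed before each entry by `history`
export HISTFILESIZE HISTSIZE HISTTIMEFORMAT  # the listing had a bare `export`, which names nothing and only prints the environment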
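添加配置後,效果如下所示。注意:時間戳只會記錄在設定 HISTTIMEFORMAT 之後執行的指令上,較早的舊記錄沒有真實的執行時間;另外 history 可被使用者自行關閉或編輯(例如下方輸出中的 set +o history 與 vim .bash_history),因此不能當作可靠的審計日志: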
[root@server ~]# history |tail -20
984 20220418-14:36:44: sh 1.sh
985 20220418-14:37:21: vim 1.sh
986 20220418-14:37:30: sh 1.sh
987 20220418-16:43:01: vim 1.sh
988 20220418-16:43:12: sh 1.sh
989 20220418-16:43:53: vim 1.sh
990 20220418-16:44:03: sh 1.sh
991 20220418-21:46:35: set +o history;
992 20220418-21:46:37: history
993 20220418-21:46:50: history
994 20220418-21:47:21: last
995 20220418-21:48:48: lastlog
996 20220418-21:49:18: lastt
997 20220418-21:49:25: lastb
998 20220418-21:50:36: lastlog
999 20220418-21:53:12: vim .bash_history
1000 20220418-21:53:54: vim /etc/bashrc
1001 20220418-21:54:49: history
1002 20220418-21:59:20: history |tail
2.自定義格式化history
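#################### history ##################
# Prefix every history entry with "date time source user".
# This is a convenience for operators, not a tamper-proof audit trail:
# HISTTIMEFORMAT, PROMPT_COMMAND and the history file itself can all be
# changed by the logged-in user.

# Login source: last field of `who -u am i`, with the surrounding
# parentheses stripped.
# NOTE(review): for a login without a remote host the last field may not
# be an address — verify the output on local/console sessions.
USER_IP=$(who -u am i 2>/dev/null | awk '{print $NF}' | sed -e 's/[()]//g')

# `who` printed nothing: fall back to this machine's hostname.
if [ -z "$USER_IP" ]; then
  USER_IP=$(hostname)
fi

# $USER_IP and $(whoami) are expanded once, when this file is sourced;
# only %F and %T are evaluated per entry. The closing quote was missing in
# the original listing, which made the whole snippet a syntax error.
export HISTTIMEFORMAT="%F %T $USER_IP $(whoami) "

# Append to the history file on exit instead of overwriting it.
shopt -s histappend

# Flush each command to the history file as soon as the prompt returns.
# This replaces any PROMPT_COMMAND that was set earlier.
export PROMPT_COMMAND="history -a"
################# history ###################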
[root@server ~]# history |head -20
1 2022-01-27 14:35:25 101.88.40.86 root service status audit
2 2022-01-27 14:35:41 101.88.40.86 root systemctl status auditd.service
3 2022-01-27 14:35:47 101.88.40.86 root systemctl stop auditd.service
4 2022-01-27 14:36:04 101.88.40.86 root service status auditd
5 2022-01-27 14:36:12 101.88.40.86 root service status audit
6 2022-01-27 14:36:29 101.88.40.86 root service auditd status
7 2022-01-27 14:36:34 101.88.40.86 root service auditd stop
8 2022-01-27 14:36:37 101.88.40.86 root service auditd status
9 2022-01-27 14:36:42 101.88.40.86 root ll
10 2022-01-27 14:36:57 101.88.40.86 root cd /etc/audit/
11 2022-01-27 14:36:59 101.88.40.86 root ll
12 2022-01-27 14:37:05 101.88.40.86 root vim audit.rules
13 2022-01-27 14:37:11 101.88.40.86 root ll
14 2022-01-27 14:37:20 101.88.40.86 root rm -rf audit.rules
15 2022-01-27 14:37:21 101.88.40.86 root ll
16 2022-01-27 14:37:30 101.88.40.86 root cp /root/audit.rules .
17 2022-01-27 14:37:31 101.88.40.86 root ll
18 2022-01-27 14:37:36 101.88.40.86 root vim audit.rules
19 2022-01-27 14:37:49 101.88.40.86 root service auditd start
20 2022-01-27 14:37:56 101.88.40.86 root service