#审计用户
'''shell
mkdir -m 777 -p /tmp/log 2>&-
declare -r HISTTIMEFORMAT='%F %T ### '
declare -r HISTCONTROL=''
RSSHTTY=$(who am i |awk '{print $2}')
if [ "$SSH_CONNECTION" ];then
RSSH_CLIENTIP=$(echo $SSH_CONNECTION |awk '{ print $1}')
RSSH_HOSTIP=$(echo $SSH_CONNECTION |awk '{ print $3}')
else
RSSH_CLIENTIP=$(who am i|awk '{print $5}' |sed 's/[()]//g')
RSSH_HOSTIP=$(ip addr | grep inet| grep -v 127.0.0.1 | grep -v inet6 |grep -v virbr| head -n 1 | awk -F/ '{print $1}' | awk '{print $2}')
fi
RCMDLOG_FILE="/tmp/log/cmdlog.$(date +%F)"
[ -f $RCMDLOG_FILE -a -s $RCMDLOG_FILE ] || install -m 777 /dev/null $RCMDLOG_FILE 2>&-
RLOGIN_TIMESTAMP=`date +%s`
rsprompt_command() {
RHISTCMD_PREV=$(history 1);RACTIONDATE=$(history 1|awk '{print $2" "$3}');RACTIONTIME=$(date -d "$RACTIONDATE" +%s)
if [ "$RHISTCMD_BEFORE_LAST" != "$RHISTCMD_PREV" ] && [ "$RACTIONTIME" -ge "$RLOGIN_TIMESTAMP" ]; then
{ date "+%F %T ### ${HOSTNAME} ### ${USER} ### ${RSSHTTY} ### ${RSSH_CLIENTIP} ### ${RSSH_HOSTIP} ### ${SSH_CONNECTION} ### ${PWD} ### $(history 1|awk "{\$1=\"\";print}")"; } 2>&- >> $RCMDLOG_FILE
fi
RHISTCMD_BEFORE_LAST=$RHISTCMD_PREV
}
declare -r PROMPT_COMMAND='rsprompt_command'
将以上内容写入
vim /etc/profile
source /etc/profile