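Published May 11, 2024 (author: )
Using the lastcomm command to view users' command history
Using lastcomm requires the accounting feature to be enabled.
A fileset needs to be installed
Run the following commands to set the required permissions on the files and directories:
●cd /var/adm
●/usr/sbin/acct/nulladm wtmp pacct
Starting and stopping accounting:
●Start accounting: run /usr/bin/su - adm -c /usr/sbin/acct/startup
●Stop accounting: run /usr/bin/su - adm -c /usr/sbin/acct/shutacct
To start accounting automatically at system boot:
●Edit the /etc/rc file and add: /usr/bin/su - adm -c /usr/sbin/acct/startup
●Use the lastcomm command. Its usage is: lastcomm [ Command ] [ Name ] [ Terminal ],
where Command is the executed command to filter on, Name is the name of the user who ran the command, and Terminal is the name of the terminal device the user was on when running the command
Sample run: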
[H50:root:/var/adm] lastcomm pts/2
sh S
who
netstat
clear
more
vi
sh F
more
nobody pts/2
nobody pts/2
nobody pts/2
nobody pts/2
pts/2
pts/2
nobody pts/2
pts/2
pts/2
nobody pts/2
0.20 secs Wed Mar 10 11:50
0.05 secs Wed Mar 10 12:00
0.01 secs Wed Mar 10 12:00
0.11 secs Wed Mar 10 12:00
0.02 secs Wed Mar 10 11:59
0.01 secs Wed Mar 10 11:59
lastcomm
lastcomm
nobody 0.02 secs Wed Mar 10 12:00
nobody 0.01 secs Wed Mar 10 11:59
nobody 0.02 secs Wed Mar 10 11:59
nobody 0.02 secs Wed Mar 10 11:59
ls nobody pts/2 0.01 secs Wed Mar 10 11:59
vi nobody pts/2 0.02 secs Wed Mar 10 11:59
sh F nobody pts/2 0.01 secs Wed Mar 10 11:59
ls
sh F
ls
man
sh
sh F
nobody
nobody
nobody
nobody
nobody
nobody
nobody
nobody
nobody
nobody
pts/2
pts/2
pts/2
pts/2
pts/2
pts/2
pts/2
pts/2
pts/2
pts/2
0.01 secs Wed Mar 10 11:59
0.02 secs Wed Mar 10 11:59
0.02 secs Wed Mar 10 11:59
0.01 secs Wed Mar 10 11:59
0.01 secs Wed Mar 10 11:59
0.02 secs Wed Mar 10 11:58
0.01 secs Wed Mar 10 11:58
0.02 secs Wed Mar 10 11:58
0.02 secs Wed Mar 10 11:57
0.01 secs Wed Mar 10 11:57
more
more
more
more
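Note: once this feature is in use, on systems where commands are run frequently you should regularly check the space usage of the /var file system and, when necessary, clear the command history records with > /var/adm/pacct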
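For reviewing a user's activity, the lastcomm rows above can be condensed into one line per user. The script below is an added example, not part of the original post: the function names and the sample rows are constructed for illustration, and it assumes each row has the layout "command [flags] user tty cpu secs date", where the optional flag S marks a command executed by root and F marks one that ran after a fork without a following exec.

```shell
#!/bin/sh
# Added example: per-user summary of lastcomm output.
# Row layout assumed: command [flags] user tty cpu "secs" Www Mmm DD HH:MM
# The flags column is optional, so fields are located from the right.

summarize_lastcomm() {   # hypothetical helper name
    awk '
    NF >= 9 && $(NF-4) == "secs" {
        user  = $(NF-7)
        flags = (NF >= 10) ? $(NF-8) : ""
        total[user]++
        cpu[user] += $(NF-5)
        if (flags ~ /S/) root[user]++     # S: executed by the root user
        if (flags ~ /F/) forked[user]++   # F: fork without a following exec
    }
    END {
        for (u in total)
            printf "%s commands=%d root=%d fork_no_exec=%d cpu=%.2f\n",
                   u, total[u], root[u], forked[u], cpu[u]
    }' | sort
}

# Constructed sample rows (not taken from a real system).
sample_lastcomm() {
    cat <<'EOF'
sh       S  root   pts/0  0.20 secs Wed Mar 10 11:50
who         alice  pts/2  0.05 secs Wed Mar 10 12:00
vi          alice  pts/2  0.02 secs Wed Mar 10 11:59
sh       F  alice  pts/2  0.01 secs Wed Mar 10 11:59
EOF
}

# Demo on the constructed rows; on a live system: lastcomm | summarize_lastcomm
sample_lastcomm | summarize_lastcomm
```

Running the summary and saving its output before clearing /var/adm/pacct keeps a record of what the accounting file contained.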
Posted by: admin. When reposting, please credit the source: http://www.yc00.com/web/1715393075a2611288.html