Recording and Replaying Terminal Session Activity on Linux


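Linux administrators generally use the history command to track which commands were executed in previous sessions, but history has a limitation: it does not store command output. There are situations where we want to check the output of commands from a previous session and compare it with the current session. There are also situations where we are troubleshooting issues on production Linux systems and want to save all terminal session activity for future reference. In such cases the script command comes in handy.

script is a command-line tool that captures/records your Linux server terminal session activity; the recorded session can later be replayed with the scriptreplay command. In this article we demonstrate how to install the script command-line tool and how to record Linux server terminal session activity, and then we see how to replay the recorded session with the scriptreplay command.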

Installing the script tool

Installing the script tool on RHEL 7 / CentOS 7

The script command is provided by the RPM package util-linux. If it is not installed on your CentOS 7 / RHEL 7 system, run the following yum command to install it:

    [root@linuxtechi ~]# yum install util-linux -y

Installing the script tool on RHEL 8 / CentOS 8

Run the following dnf command to install the script tool on RHEL 8 / CentOS 8:

    [root@linuxtechi ~]# dnf install util-linux -y

Installing the script tool on Debian-based systems (Ubuntu / Linux Mint)

Run the following apt-get command to install the script tool:

    [root@linuxtechi ~]# apt-get install util-linux -y

How to use the script tool

Using script is straightforward: type script in the terminal and press Enter, and it starts capturing the current terminal session activity in a file named typescript.

    [root@linuxtechi ~]# script
    Script started, file is typescript
    [root@linuxtechi ~]#

To stop recording the session activity, type exit and press Enter:

    [root@linuxtechi ~]# exit
    exit
    Script done, file is typescript
    [root@linuxtechi ~]#

Syntax of the script command:

    ~]# script {options} {file_name}

The different options that can be used with the script command:

[Image: options-script-command]

Let's start recording the Linux terminal session by running the script command and then executing commands such as w, route -n, df -h and free -h, as shown in the example below:

[Image: script-examples-linux-server]

As we can see above, the terminal session log is saved in the file typescript:

Now view the contents of the typescript file with the cat / vi command:

    [root@linuxtechi ~]# ls -l typescript
    -rw-r--r--. 1 root root 1861 Jun 21 00:50 typescript
    [root@linuxtechi ~]#

[Image: typescript-file-content-linux]

The above confirms that all the commands we executed in the terminal have been saved in the typescript file.

Using a custom file name with the script command

Suppose we want to run the script command with a custom file name; we can specify the file name after the script command. In the example below, the file name is sessions-log-(current date and time).txt:

    [root@linuxtechi ~]# script sessions-log-$(date +%d-%m-%Y-%T).txt
    Script started, file is sessions-log-21-06-2019-01:37:39.txt
    [root@linuxtechi ~]#

Now run your commands and then type exit:

    [root@linuxtechi ~]# exit
    exit
    Script done, file is sessions-log-21-06-2019-01:37:39.txt
    [root@linuxtechi ~]#

Appending command output to a script log file

Suppose the script command has already recorded command output to a file named sessions-log.txt, and we now want to append the output of a new session's commands to that file. In that case, use the -a option of the script command.

    [root@linuxtechi ~]# script -a sessions-log.txt
    Script started, file is sessions-log.txt
    [root@linuxtechi ~]# xfs_info /dev/mapper/centos-root
    meta-data=/dev/mapper/centos-root isize=512    agcount=4, agsize=2746624 blks
             =                       sectsz=512   attr=2, projid32bit=1
             =                       crc=1        finobt=0 spinodes=0
    data     =                       bsize=4096   blocks=10986496, imaxpct=25
             =                       sunit=0      swidth=0 blks
    naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
    log      =internal               bsize=4096   blocks=5364, version=2
             =                       sectsz=512   sunit=0 blks, lazy-count=1
    realtime =none                   extsz=4096   blocks=0, rtextents=0
    [root@linuxtechi ~]# exit
    exit
    Script done, file is sessions-log.txt
    [root@linuxtechi ~]#

To view the updated session log, use the cat sessions-log.txt command.

Capturing command output to a script log file without an interactive shell

Suppose we want to capture the output of commands to a session log file; use the -c option, as shown in the example below:

    [root@linuxtechi ~]# script -c "uptime && hostname && date" root-session.txt
    Script started, file is root-session.txt
     01:57:40 up 2:30, 3 users, load average: 0.00, 0.01, 0.05
    linuxtechi
    Fri Jun 21 01:57:40 EDT 2019
    Script done, file is root-session.txt
    [root@linuxtechi ~]#

Running the script command in quiet mode

To run the script command in quiet mode, use the -q option, which suppresses script's start and done messages, as shown in the example below:

    [root@linuxtechi ~]# script -c "uptime && date" -q root-session.txt
     02:01:10 up 2:33, 3 users, load average: 0.00, 0.01, 0.05
    Fri Jun 21 02:01:10 EDT 2019
    [root@linuxtechi ~]#

To record timing information to one file and capture the command output to a separate file, pass a timing file (--timing) to the script command, as shown in the example below:

Syntax:

    ~]# script --timing=<timing-file-name> {file_name}

Example:

    [root@linuxtechi ~]# script --timing=timing.txt session.log
    Script started, file is session.log
    [root@linuxtechi ~]# uptime
     02:27:59 up 3:00, 3 users, load average: 0.00, 0.01, 0.05
    [root@linuxtechi ~]# date
    Fri Jun 21 02:28:02 EDT 2019
    [root@linuxtechi ~]# free -h
                  total        used        free      shared  buff/cache   available
    Mem:           3.9G        171M        2.0G        8.6M        1.7G        3.3G
    Swap:          3.9G          0B        3.9G
    [root@linuxtechi ~]# whoami
    root
    [root@linuxtechi ~]# exit
    exit
    Script done, file is session.log
    [root@linuxtechi ~]#
    [root@linuxtechi ~]# ls -l session.log timing.txt
    -rw-r--r--. 1 root root 673 Jun 21 02:28 session.log
    -rw-r--r--. 1 root root 414 Jun 21 02:28 timing.txt
    [root@linuxtechi ~]#

Replaying recorded Linux terminal session activity

Now use the scriptreplay command to replay the recorded terminal session activity.

Note: scriptreplay is also provided by the RPM package util-linux. The scriptreplay command requires the timing file to work.

    [root@linuxtechi ~]# scriptreplay --timing=timing.txt session.log

The output of the above command looks like the following:

[Image: output of the scriptreplay command]

Recording the Linux terminal session activity of all users

On some business-critical Linux servers we want to track the activity of all users. This can be done with the script command by placing the following content in the /etc/profile file:

    [root@linuxtechi ~]# vi /etc/profile
    ...
    # Start a recording once per login. SESSION_RECORD is exported so that the
    # shell started by script does not begin a nested recording.
    if [ "x$SESSION_RECORD" = "x" ]
    then
        timestamp=$(date +%d-%m-%Y-%T)
        session_log=/var/log/session/session.$USER.$$.$timestamp
        SESSION_RECORD=started
        export SESSION_RECORD
        # -t writes timing data to stderr (redirected to the .timing file),
        # -f flushes output after each write, -q suppresses start/done messages.
        script -t -f -q 2>"${session_log}.timing" "$session_log"
        # Close the login shell when the recorded shell exits.
        exit
    fi
    ...

Save the file and exit.

Create the session directory under /var/log:

    [root@linuxtechi ~]# mkdir /var/log/session

Assign permissions to the directory:

    [root@linuxtechi ~]# chmod 777 /var/log/session/
    [root@linuxtechi ~]#

Now verify whether the above code works. Log in to the Linux server as a normal user; in my case I am using the pkumar user:

    ~]# ssh pkumar@linuxtechi
    pkumar@linuxtechi's password:
    [pkumar@linuxtechi ~]$ uptime
     04:34:09 up 5:06, 3 users, load average: 0.00, 0.01, 0.05
    [pkumar@linuxtechi ~]$ date
    Fri Jun 21 04:34:11 EDT 2019
    [pkumar@linuxtechi ~]$ free -h
                  total        used        free      shared  buff/cache   available
    Mem:           3.9G        172M        2.0G        8.6M        1.7G        3.3G
    Swap:          3.9G          0B        3.9G
    [pkumar@linuxtechi ~]$ id
    uid=1001(pkumar) gid=1002(pkumar) groups=1002(pkumar) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
    [pkumar@linuxtechi ~]$ whoami
    pkumar
    [pkumar@linuxtechi ~]$ exit

Log in as root and view the user's Linux terminal session activity:

    [root@linuxtechi ~]# cd /var/log/session/
    [root@linuxtechi session]# ls -l | grep pkumar
    -rw-rw-r--. 1 pkumar pkumar 870 Jun 21 04:34 session.pkumar.19785.21-06-2019-04:34:05
    -rw-rw-r--. 1 pkumar pkumar 494 Jun 21 04:34 session.pkumar.19785.21-06-2019-04:34:05.timing
    [root@linuxtechi session]#
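
Added example (not part of the original article): with chmod 777 on the directory and the rw-rw-r-- files in the listing above, any local user can read, rename or delete other users' recordings. The sketch below audits a session directory for those conditions and for recordings that lack a timing file. The function names and finding labels are hypothetical; the session.* / .timing naming is taken from the /etc/profile snippet above.

```shell
#!/bin/sh
# Added example: audit a directory of script(1) recordings, such as
# /var/log/session, for weak permissions. Names and labels are illustrative.

# Print the 10-character mode string from `ls -ld`, e.g. "drwxrwxrwt".
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# audit_session_dir DIR
# Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if DIR does not exist.
# The body runs in a subshell so its variables stay local.
audit_session_dir() (
    dir=$1
    [ -d "$dir" ] || { echo "MISSING_DIR $dir"; exit 2; }
    rc=0
    m=$(mode_string "$dir")
    other_r=$(printf %s "$m" | cut -c8)
    other_w=$(printf %s "$m" | cut -c9)
    other_x=$(printf %s "$m" | cut -c10)

    # o+w without the sticky bit: any user can delete or rename any recording.
    if [ "$other_w" = w ]; then
        case $other_x in
            t|T) ;;
            *) echo "DIR_WORLD_WRITABLE_NO_STICKY $dir $m"; rc=1 ;;
        esac
    fi
    # o+r on the directory: any user can list who logged in and when.
    if [ "$other_r" = r ]; then
        echo "DIR_WORLD_LISTABLE $dir $m"; rc=1
    fi

    for f in "$dir"/session.*; do
        [ -f "$f" ] || continue
        fm=$(mode_string "$f")
        # Recordings hold everything echoed to the terminal.
        case $(printf %s "$fm" | cut -c8) in
            r) echo "FILE_WORLD_READABLE $f $fm"; rc=1 ;;
        esac
        # scriptreplay needs the recording and its timing file together.
        case $f in
            *.timing) [ -f "${f%.timing}" ] || { echo "ORPHAN_TIMING $f"; rc=1; } ;;
            *)        [ -f "$f.timing" ]    || { echo "MISSING_TIMING $f"; rc=1; } ;;
        esac
    done
    exit "$rc"
)

# Usage: sh audit.sh /var/log/session
if [ "$#" -gt 0 ]; then
    audit_session_dir "$1"
fi
```

Mode 1733 on the directory and recordings created with mode 600 clear these findings. The recordings are still owned by the recorded user, who can alter or delete their own files, so they are not tamper-proof audit evidence.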

[Image: Session-output-file-linux]

We can also use the scriptreplay command to replay the user's terminal session activity:
