HP-UX

How to trace command execution by a specific user..

 
김은주
Adviser


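I would like to trace the activity of a specific user. ^^;

In other words, I want to pick a specific user and find out which commands that user is running. Is that possible?

Any advice would be appreciated.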
1 reply
양계전
Elementary school student


Hello~ This is 양계전.

I think you can probably use acct.

The setup is as follows.



# vi /etc/rc.config.d/acct



START_ACCT=1



# /sbin/init.d/acct start

Accounting started



After that, login information is stored in /var/adm/pacct.

To see the commands of all users:



# /usr/sbin/acct/acctcom /var/adm/pacct





If you need statistics per command:





$ /usr/sbin/acct/acctcms -a /var/adm/pacct | more





As an example, the output looks like the following.





root:/] /usr/sbin/acct/acctcom /var/adm/pacct | more







ACCOUNTING RECORDS FROM: Tue Nov 14 10:38:20 2006
COMMAND                      START    END          REAL     CPU    MEAN
NAME       USER     TTYNAME  TIME     TIME       (SECS)  (SECS) SIZE(K)
#accton    root     pts/tc   10:38:20 10:38:20     0.02    0.01    0.00
#turnacct  root     pts/tc   10:38:20 10:38:20     0.08    0.01    0.00
rm         root     pts/tc   10:38:20 10:38:20     0.01    0.01    0.00
rm         root     pts/tc   10:38:20 10:38:20     0.01    0.01    0.00
rm         root     pts/tc   10:38:20 10:38:20     0.01    0.01    0.00
#remove    root     pts/tc   10:38:20 10:38:20     0.03    0.01    0.00
#startup   root     pts/tc   10:38:20 10:38:20     0.17    0.01  600.00
#acct      root     pts/tc   10:38:20 10:38:20     0.44    0.04  154.00
rm         root     pts/tc   10:38:26 10:38:26     0.01    0.01    0.00
bdf        root     pts/tc   10:38:29 10:38:29     0.04    0.03  292.00
ls         root     pts/tc   10:38:30 10:38:30     0.01    0.01    0.00
rm         root     pts/tc   10:38:32 10:38:32     0.01    0.01    0.00
cat        root     pts/tc   10:38:45 10:38:45     0.01    0.01    0.00



The related files are:

*** Some important files for process accounting.

/var/adm/acct/nite --Daily summary files created by runacct are kept here.

/var/adm/acct/sum --Cumulative summary files updated by runacct are kept here.

/var/adm/acct/fiscal --Periodic (monthly) summary files created by monacct are stored here.

/var/adm/pacct## --The process accounting daily log file.

/var/adm/acct/nite/statefile --State that last runacct completed.

/var/adm/acct/nite/active --Log file of runacct.

/var/adm/acct/nite/lastdate --Log of when the last date runacct was run.

/var/adm/acct/nite/daycms --Process usage report.



Those are the ones.

I hope this helps ^^

Take care.
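Following up on the question of watching a single user: an added example, not part of either post, that narrows acctcom text output in the layout shown above down to one user. The sample records, the user names alice and bob, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in the acctcom text layout shown in the reply (made-up users).
sample_acctcom() {
cat <<'EOF'
ACCOUNTING RECORDS FROM: Tue Nov 14 10:38:20 2006
COMMAND                      START    END          REAL     CPU    MEAN
NAME       USER     TTYNAME  TIME     TIME       (SECS)  (SECS) SIZE(K)
#accton    root     pts/tc   10:38:20 10:38:20     0.02    0.01    0.00
ls         alice    pts/ta   10:38:30 10:38:30     0.01    0.01    0.00
vi         alice    pts/ta   10:39:02 10:41:10   128.00    0.20  300.00
#passwd    alice    pts/ta   10:41:15 10:41:20     5.00    0.02  120.00
cat        bob      pts/tb   10:38:45 10:38:45     0.01    0.01    0.00
ls         alice    pts/ta   10:42:00 10:42:00     0.01    0.01    0.00
EOF
}

# user_timeline USER: read acctcom output on stdin and print
# "start-time tty command [SU]" for every record that belongs to USER.
# acctcom prefixes the command name with '#' when the process ran with
# superuser privileges; that prefix is turned into an SU marker here.
user_timeline() {
    awk -v u="$1" '
        # Data rows have 8 fields and a HH:MM:SS start time; this skips headers.
        NF == 8 && $2 == u && $4 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
            cmd = $1; su = ""
            if (sub(/^#/, "", cmd)) su = " SU"
            print $4, $3, cmd su
        }'
}

# user_summary USER: "count command" per command name, most frequent first.
user_summary() {
    user_timeline "$1" |
        awk '{ n[$3]++ } END { for (c in n) print n[c], c }' |
        sort -k1,1nr -k2,2
}

# On a live system the input would come from the accounting file instead:
#   /usr/sbin/acct/acctcom /var/adm/pacct | user_timeline alice
# (acctcom also accepts -u user to select one user's records directly.)
sample_acctcom | user_timeline alice
```

Process accounting records only the command name, not its arguments, so this shows which programs a user ran and when, not what they were run against.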