我有一个Linux服务器,其中包含一个重要的脚本xyz.sh。有时会有 10-50 个用户登录到该计算机。是否可以找到谁在运行该脚本?另外,是否可以获得所有运行脚本 xyz.sh 的日志;意味着是否可以提取脚本运行的历史记录?
最佳答案
要在所有者脚本运行时对其进行简单的即时检查,您可以使用:
$ ps -e -o euid,pid,euser,state,command | grep "xyz.sh"|grep -v grep
0 31096 root S /bin/bash ./xyz.sh
1000 31030 ale S /bin/bash ./xyz.sh
应该可以使用此脚本记录 ps 输出:
#!/bin/bash
SECONDS=5
TARGET=xyz.sh
OUT=/var/tmp/xyz_history.log
while true
do
sleep $SECONDS
echo "$(date '+TIME:%H:%M:%S';ps -e -opid,user,command|grep $TARGET | grep -v grep)"
done >> $OUT
exit 0
输出:
$ tail -f /var/tmp/xyz_history.log
TIME:14:13:37
496 postgres /bin/bash ./xyz.sh
625 ale /bin/bash ./xyz.sh
32137 root /bin/bash ./xyz.sh
TIME:14:13:38
496 postgres /bin/bash ./xyz.sh
625 ale /bin/bash ./xyz.sh
32137 root /bin/bash ./xyz.sh
TIME:14:13:39
496 postgres /bin/bash ./xyz.sh
625 ale /bin/bash ./xyz.sh
TIME:14:13:40
496 postgres /bin/bash ./xyz.sh
625 ale /bin/bash ./xyz.sh
...
这当然不是一个干净的解决方案。如果您可以在系统上安装软件包并以 super 用户身份运行命令,则更好的解决方案是使用 lastcomm:
# lastcomm xyz.sh
xyz.sh X ale pts/1 0.00 secs Fri Sep 11 14:12
xyz.sh X root pts/3 0.00 secs Fri Sep 11 14:00
xyz.sh X ale pts/4 0.00 secs Fri Sep 11 14:08
xyz.sh X ale pts/4 0.00 secs Fri Sep 11 14:00
xyz.sh X root pts/4 0.00 secs Fri Sep 11 13:54
xyz.sh X ale pts/1 0.00 secs Fri Sep 11 13:51
xyz.sh X root pts/3 0.00 secs Fri Sep 11 13:42
xyz.sh X ale pts/1 0.00 secs Fri Sep 11 13:36
xyz.sh X ale pts/1 0.00 secs Fri Sep 11 13:36
xyz.sh X ale pts/1 0.00 secs Fri Sep 11 13:36
xyz.sh X ale pts/1 0.00 secs Fri Sep 11 13:36
xyz.sh X postgres pts/1 0.00 secs Fri Sep 11 13:36
xyz.sh X ale pts/1 0.00 secs Fri Sep 11 13:36
xyz.sh X root pts/1 0.00 secs Fri Sep 11 13:36
xyz.sh X ale pts/1 0.00 secs Fri Sep 11 13:36
可以从 psacct (centos/redhat) 或 acct 软件包 (debian/ubuntu/OpenSuse) 安装命令 lastcomm。
关于linux - Shell脚本在多用户环境下运行,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32520636/