记录SSH客户端登录日志

作者 LiaoJL   | 转载时请务必以超链接形式标明文章原文链接和作者信息及本版权声明。
原文链接:http://www.liaojl.com/archives/2008/05/tcpwrapper-ssh-log.html

首先,编辑脚本/usr/local/sbin/sshlog.sh,将登录信息写入日志文件。 

#!/bin/bash
LOGFILE=/var/log/ssh.log

date >> $LOGFILE
echo $1 >>$LOGFILE
echo $2 >>$LOGFILE
echo $3 >>$LOGFILE
echo $4 >>$LOGFILE
echo $5 >>$LOGFILE
echo $6 >>$LOGFILE
echo $7 >>$LOGFILE
echo $8 >>$LOGFILE
echo >>$LOGFILE

然后,编辑/etc/hosts.allow 文件,添加调用脚本信息。

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
sshd:ALL: spawn (/usr/local/sbin/sshlog.sh %a %c %d %h %n %p %s %u)

Categories:

Leave a comment

Categories

Archives

Creative Commons License
This blog is licensed under a Creative Commons License.