如何在linux平台上监视“创建用户”操作?
[英]how to monitor “create user” action on linux platform?
问题描述
currently on linux platform, 
目前在Linux平台上,
if someone or some app create a user. 如果某人或某个应用创建了用户。
Does other apps be able to get this message immediately? 其他应用程序是否可以立即收到此消息?
if yes, app can use which way to know a user is created ? 如果是,应用程序可以使用哪种方式来了解创建用户?
thanks in advance 提前致谢
1 个解决方案
解决方案1
0 2014-08-14 12:51:43
You may use similar script like below to examine the /etc/passwd file continuously. 您可以使用类似下面的脚本来连续检查/ etc / passwd文件。 You may vary "sleep" command to determine the delay. 您可以更改“ sleep”命令来确定延迟。 If you run this script in background, it will send mail when new users are added or removed. 如果在后台运行此脚本,则在添加或删除新用户时它将发送邮件。 You can feed these results to desired application by altering the code. 您可以通过更改代码将这些结果提供给所需的应用程序。
#!/bin/bash
unalias cp &>/dev/null
OLD=`wc -l "/etc/passwd" | awk '{print $1}'` && /bin/cp -f /etc/passwd /etc/passwd.old
while true ; do
sleep 1
NEW=`wc -l "/etc/passwd" | awk '{print $1}'` && MID=${NEW} && /bin/cp -f /etc/passwd /etc/passwd.copy
if [[ ${NEW} -gt ${OLD} ]]
then
DIFF=`expr ${NEW} - ${OLD}`
USERS=`tail -n ${DIFF} "/etc/passwd.copy" | awk -F: '{ print $1 }'`
echo -e "New user(s):\n ${USERS} " | mail -s "New Users Created! at `date +%c`" admin@mail.com
elif [[ ${NEW} -lt ${OLD} ]]
then
USERS=`diff -y /etc/passwd /etc/passwd.old | awk -F">" '{print $2}'| awk -F: '{print $1}' | grep -E -v "^$"`
echo -e "User(s)removed:\n ${USERS[@]}" | mail -s "Users removed at `date +%c`" admin@mail.com
fi
sleep 1
OLD=${MID} && /bin/cp -f /etc/passwd.copy /etc/passwd.old
done
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.