区分用户注销和会话过期注销(SSH和Web控制台) [英] Distinguish between user logout and session expired logout (SSH and web console)

问题描述

我们正在寻找一种解决方案，以在用户注销系统时记录事件(例如，记录到syslog中).这可能是从shell(bash)注销或使用ssh注销.我们想要区分通过退出"的显式用户注销和刚刚到期的用户会话(超时).那可能吗?如何?寻找解决方案的方向?

we are searching for a solution to log an event (for example into the syslog) when a user logs out of the system. This could be logging out from a shell (bash) or logging out using ssh. We want to distinguish between explicit user logouts via "exit" and users sessions which just expire (timeout). Is that possible? How-to? Which directions to look for a solution?

系统为RHEL7/CentOS7，并使用VMWare运行(也应记录Web控制台注销).

The system is RHEL7/CentOS7 and runs using VMWare (web console logout should also be logged).

推荐答案

您可能需要太多不同的解决方案.

You might need too different solutions.

• 对于具有登录事件的常规会话，您可以在"EXIT"事件上设置陷阱.这将涉及显式注销(CTRL/D或退出)，被信号杀死(NOT信号9)以及超时.寻找bash'trap'命令.可以在loginn启动脚本(bashrc)中设置这些值
• 对于SSH会话，设置远程'bashrc'将可以捕获会话结束(包括超时，信号).

编辑

可以通过选中"$?"来获得超时"的指示.在TRAP处理程序中.它将是142，对应于ALRM信号(kill -l 142 = ARLM).这不是明确的文档，但与kill -ALRM的默认信号处理程序一致.

It's possible to get indication of 'TIMEOUT' by checking '$?' in the TRAP handler. It will be 142 corresponding to ALRM signal (kill -l 142=ARLM). This is not explicitly document, but is consistent with the default signal handler for kill -ALRM.

function my_trap {
  local X=$1
  if [ "$X" = "$(kill -l ALRM)" ] ; then
     Log Timeout
  else
     Log Exit/EOF
  fi
}

trap 'my_trap $?' EXIT

这篇关于区分用户注销和会话过期注销(SSH和Web控制台)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！