区分用户注销和会话过期注销(SSH和Web控制台) [英] Distinguish between user logout and session expired logout (SSH and web console)
问题描述
我们正在寻找一种解决方案,以在用户注销系统时记录事件(例如,记录到syslog中).这可能是从shell(bash)注销或使用ssh注销.我们想要区分通过退出"的显式用户注销和刚刚到期的用户会话(超时).那可能吗?如何?寻找解决方案的方向?
we are searching for a solution to log an event (for example into the syslog) when a user logs out of the system. This could be logging out from a shell (bash) or logging out using ssh. We want to distinguish between explicit user logouts via "exit" and users sessions which just expire (timeout). Is that possible? How-to? Which directions to look for a solution?
系统为RHEL7/CentOS7,并使用VMWare运行(也应记录Web控制台注销).
The system is RHEL7/CentOS7 and runs using VMWare (web console logout should also be logged).
推荐答案
您可能需要太多不同的解决方案.
You might need too different solutions.
- 对于具有登录事件的常规会话,您可以在"EXIT"事件上设置陷阱.这将涉及显式注销(CTRL/D或退出),被信号杀死(NOT信号9)以及超时.寻找bash'trap'命令.可以在loginn启动脚本(bashrc)中设置这些值
- 对于SSH会话,设置远程'bashrc'将可以捕获会话结束(包括超时,信号).
编辑
可以通过选中"$?"来获得超时"的指示.在TRAP处理程序中.它将是142,对应于ALRM信号(kill -l 142 = ARLM).这不是明确的文档,但与kill -ALRM的默认信号处理程序一致.
It's possible to get indication of 'TIMEOUT' by checking '$?' in the TRAP handler. It will be 142 corresponding to ALRM signal (kill -l 142=ARLM). This is not explicitly document, but is consistent with the default signal handler for kill -ALRM.
function my_trap {
local X=$1
if [ "$X" = "$(kill -l ALRM)" ] ; then
Log Timeout
else
Log Exit/EOF
fi
}
trap 'my_trap $?' EXIT
这篇关于区分用户注销和会话过期注销(SSH和Web控制台)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!