Patching the bash and mysql source for a low-cost, high-performance operation log audit

Overview

We are not afraid of problems; we are afraid of problems we cannot trace. An operations team usually needs a record of what operations or development colleagues did on a server, whether for periodic audits or because a server was compromised and its logs were wiped and we need to know what happened. This post shares the DIY solution we currently use to record shell and MySQL operations on our servers. The team had evaluated some hardware bastion hosts before, but their terminal experience was poor, they were inflexible and expensive, and the appliance itself became a single point of failure. We also looked at open source options: ttyrec, for example, records the terminal directly and supports text matching, but we hit serious bugs in real use, and the patched-openssh approaches were not satisfactory either. Given all that, we made small modifications to the bash and mysql source code to get a low-cost, high-performance log audit solution.

Server log:

Here is our "open sourced" solution; hopefully it is of some help.

1. Linux bash audit
Most people have heard of the bash modification that circulates online. We have been using it since 2011, hit many bugs along the way, and fixed and optimised it many times; the details of our online version follow. The features currently supported are roughly:

Shell operation records that identify the specific person even when several people share one system user

Logging of remote commands run via ssh IP "command" and via scp

Logging continues after switching to a different system user

New: MySQL operation logs

Each item on the list above came from a need we ran into repeatedly in practice. It is not perfect, but unless someone deliberately evades the logging it covers most needs. "Identify the specific person" refers to the case where several people share one system account, such as root.

1.1 Basic functions
The basic function is to record each person's operations. There is a prototype online: edit bashhist.c and modify the bash_syslog_history function (around line 701). After the modification:

1.2 Fingerprint variable processing
The next step is to handle the fingerprint variable NAME_OF_KEY. The principle is simple: when someone logs in, we have the shell automatically run a script that sets this variable to the specific person. (And do not tell me someone is still logging in to Linux servers with a password; that is far too unprofessional.) When adding a key to ~/.ssh/authorized_keys we set the third column (the key comment) to identify the person, using the pattern work-number@name-in-pinyin, and the script then resolves it. Script path /etc/bash_ywjt, content:
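The body of /etc/bash_ywjt did not survive on this page. The script below is an added example of the technique, not the original script: it finds the fingerprint sshd recorded for the current session, matches it against the keys in authorized_keys, and exports the matching comment as NAME_OF_KEY. It assumes the older OpenSSH log format (LogLevel VERBOSE, MD5 fingerprints, a "Found matching ... key" line and an "Accepted publickey" line sharing one sshd PID), authorized_keys lines without an option prefix, and the sample data (key blobs, log lines, names) is constructed for the demonstration.

```shell
#!/bin/bash
# Added example, not the original /etc/bash_ywjt: resolve the key used for this
# SSH session to the "worknumber@name" comment (third column) in authorized_keys
# and export it as NAME_OF_KEY for the patched bash and mysql clients to log.
#
# Assumptions (not from the original post):
#  - sshd runs with LogLevel VERBOSE and logs MD5 fingerprints (older OpenSSH),
#    so the sshd log holds, under one sshd PID,
#      "Found matching RSA key: <md5 fp>"  and
#      "Accepted publickey for <user> from <ip> port <port> ssh2"
#    Newer OpenSSH puts a SHA256 fingerprint on the Accepted line instead; then
#    key_fingerprint has to compute sha256/base64 (what ssh-keygen -lf prints).
#  - authorized_keys lines carry no option prefix: "type blob comment".

# MD5 fingerprint (aa:bb:...) of a base64 key blob, as old ssh-keygen -l printed it.
key_fingerprint() {        # $1 = base64 key blob
    printf '%s' "$1" | base64 -d 2>/dev/null | md5sum | awk '{print $1}' | sed 's/../&:/g; s/:$//'
}

# Map a fingerprint to the comment column of authorized_keys; "unknown" if nothing matches.
name_for_fingerprint() {   # $1 = fingerprint, $2 = authorized_keys path
    local fp="$1" keys="$2" ktype blob comment rest
    [ -r "$keys" ] || { printf 'unknown\n'; return 0; }
    while read -r ktype blob comment rest; do
        case "$ktype" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        if [ "$(key_fingerprint "$blob")" = "$fp" ]; then
            printf '%s\n' "${comment:-unknown}"
            return 0
        fi
    done < "$keys"
    printf 'unknown\n'
}

# Fingerprint sshd recorded for the session with this client ip/port: take the sshd
# PID from the matching "Accepted publickey" line, then that PID's "Found matching" line.
session_fingerprint() {    # $1 = sshd log, $2 = client ip, $3 = client port
    local log="$1" ip_re port="$3" pid
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    pid=$(grep -E "sshd\[[0-9]+\]: Accepted publickey for [^ ]+ from $ip_re port $port " "$log" 2>/dev/null \
          | tail -n 1 | sed -E 's/.*sshd\[([0-9]+)\].*/\1/')
    [ -n "$pid" ] || return 1
    grep -E "sshd\[$pid\]: Found matching [A-Z0-9]+ key: " "$log" | tail -n 1 \
        | sed -E 's/.*key: ([0-9a-f:]+).*/\1/'
}

# Resolve the login to a person. $3 is the value of $SSH_CLIENT: "client_ip client_port server_port".
resolve_name_of_key() {    # $1 = sshd log, $2 = authorized_keys, $3 = SSH_CLIENT value
    local log="$1" keys="$2" ip port fp
    ip=$(printf '%s' "$3" | awk '{print $1}')
    port=$(printf '%s' "$3" | awk '{print $2}')
    fp=$(session_fingerprint "$log" "$ip" "$port") || fp=""
    [ -n "$fp" ] || { printf 'unknown\n'; return 0; }
    name_for_fingerprint "$fp" "$keys"
}

# Constructed sample data (not real keys or a real log): blob "YWJj" is base64 of
# "abc", whose MD5 is 900150983cd24fb0d6963f7d28e17f72, so 1001@zhangsan's key has
# fingerprint 90:01:50:...:72. The second session used a key that is not in the file.
demo_resolve() {           # $1 = SSH_CLIENT value to resolve
    local dir
    dir=$(mktemp -d)
    cat > "$dir/authorized_keys" <<'EOF'
# comment lines are skipped
ssh-rsa YWJj 1001@zhangsan
ssh-rsa YWJjZA== 1002@lisi
EOF
    cat > "$dir/secure" <<'EOF'
Mar  1 10:00:01 db1 sshd[4242]: Found matching RSA key: 90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72
Mar  1 10:00:01 db1 sshd[4242]: Accepted publickey for root from 10.0.0.5 port 51234 ssh2
Mar  1 10:05:17 db1 sshd[4301]: Found matching RSA key: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00
Mar  1 10:05:17 db1 sshd[4301]: Accepted publickey for root from 10.0.0.9 port 40011 ssh2
EOF
    resolve_name_of_key "$dir/secure" "$dir/authorized_keys" "$1"
    rm -rf "$dir"
}

# Real login: export the result so the patched bash and mysql pick it up
# (only runs inside an ssh session on a host with a readable sshd log).
if [ -n "${SSH_CLIENT:-}" ] && [ -r /var/log/secure ]; then
    NAME_OF_KEY=$(resolve_name_of_key /var/log/secure "$HOME/.ssh/authorized_keys" "$SSH_CLIENT")
    export NAME_OF_KEY
fi
```

Source it from a system-wide login file (for example `. /etc/bash_ywjt` from /etc/profile; the exact hook is an assumption) so every login shell carries NAME_OF_KEY. Anyone who logs in with a key that is not in the file, or by password, is recorded as "unknown", which is itself worth alerting on. Declaring the variable readonly in the login shell stops a casual `unset`, but a child started with a scrubbed environment still loses it; that is the deliberate evasion the post concedes it does not cover.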








2. MySQL operation log
We searched for a long time for a suitable mysql plugin and also tried programs like audit, but none gave the effect we need: a record of the operations performed through the mysql client on the server. That is not the same thing as the binlog and the other server-side logs, and not the same as what .mysql_history records, and we need it to distinguish different people using the same system user. The mysql version below is Percona-Server-5.5.

2.1 First attempt
mysql ships with a syslog logging feature for its client, but it has to be enabled manually. The configuration is simple: add syslog under the [client] group in /etc/my.cnf. Three problems then show up:


1) mysqldump fails at startup with an unknown-option error, because every client program reads the [client] group and mysqldump has no syslog option (placing the option under the [mysql] group instead, which only the mysql command-line client reads, avoids this):

2) The log is trivially bypassed: run the mysql command with --no-defaults and the option is never read.

3) The log only shows the system account (root, in our case); it does not show which person was operating.

To solve these problems we turn to the advantage of open source and modify the code.

2.2 Turning the switch on in the source
We can turn the syslog switch on in the source code, which is easier and also means --no-defaults no longer disables it. Open client/mysql.cc; the switch logic is simple, find the following code:

2.3 Interactive records
After that simple change you will find a small problem: from the shell, mysql can be run non-interactively with -e, for example:


However, such commands are not logged even with syslog enabled as above. Since the shell command line itself is already captured by the bash audit this could be ignored, but the statements ought to show up, so we keep modifying. A little analysis of the logic shows that a log line is written only when connect_flag == CLIENT_INTERACTIVE. Looking up the definition of CLIENT_INTERACTIVE shows it is the flag for interactive mode, so we drop this "and" condition and write instead:

2.4 Massive log problem
A new problem appears in a real environment: when importing SQL, the log grows to the size of the input, so importing a 2 GB sql file produces 2 GB of log, which is clearly not what we want. Since we already have the bash audit, -e executions could be left out of the record, but the same problem arises when a .sql file is sourced from inside the mysql client, so the code has to change again. Find the write_syslog function. Upstream writes the log with the syslog function inside a for loop: when the statement is very long it is cut into pieces and each piece is written. Starting from there, we changed it to write only statements no longer than MAX_SYSLOG_MESSAGE and to ignore anything longer. Bear in mind that silently dropping over-length statements means a long statement leaves no trace at all, so a statement padded past the limit evades the log; writing a short marker (the statement's prefix plus its length) instead of nothing keeps the audit trail intact without the size problem. In addition, since we need to identify the specific person, we bring the fingerprint from the bash audit, the NAME_OF_KEY variable, into mysql.cc. The key changes are:

2.5 Custom parameters
Although logging is now built into the source, an additional parameter can be provided to turn it off. Change the parameter definition and replace the earlier syslog option with something like this (remember that any such switch is available to the person being audited too, so the bash audit should still record that it was used):



3. Remote log center
All the logs above are written via the syslog service to /var/log/messages, where anyone with root on the box can delete them. It is more sensible to forward them to a remote log center for unified record management. This is simple; add this configuration to /etc/rsyslog.conf:
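The rsyslog lines are not reproduced on this page. The fragment below is an added example of the usual forwarding setup in rsyslog's legacy directive syntax, not the post's own configuration; the log-center address 10.0.0.100, the queue names, the work directory and the per-host file layout are assumptions.

```conf
# --- on every audited server (client side), appended to /etc/rsyslog.conf ---
# Keep the local copy and forward a copy of everything to the log center.
# "@@" is TCP; a single "@" is UDP, which silently drops lines under load and is
# trivially spoofed, so do not use it for audit data.
$WorkDirectory /var/lib/rsyslog     # where the disk-assisted queue spills
$ActionQueueType LinkedList         # queue forwarded lines in memory ...
$ActionQueueFileName fwdq           # ... and on disk while the center is unreachable
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1          # keep retrying instead of discarding
*.*  @@10.0.0.100:514

# --- on the log center, /etc/rsyslog.conf ---
$ModLoad imtcp
$InputTCPServerRun 514
# one file per sending host and day; %HOSTNAME% is taken from the message itself,
# %fromhost-ip% would be the socket peer (only the egress address when NATed)
$template PerHostDaily,"/var/log/remote/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log"
*.*  ?PerHostDaily
```

Restrict TCP 514 on the log center to the audited hosts at the firewall, and keep the center's own accounts separate from the servers it audits, otherwise the same root that wiped /var/log/messages can wipe the copy as well.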



4. Intranet log capture
This is an extra reference. In our setup all servers are configured to send to a log server on the public network. But there are many servers in intranet machine rooms, and the log center then cannot see their original intranet IPs, only the office network's egress IP; changing the log-center address on every machine is inconvenient and easy to miss. The solution is "log hijacking": intercept the log traffic on our Juniper firewall and forward it to a log center on the intranet. Reference configuration:
