问题
we are searching for a solution to log an event (for example into the syslog) when a user logs out of the system. This could be logging out from a shell (bash) or logging out using ssh. We want to distinguish between explicit user logouts via "exit" and users sessions which just expire (timeout). Is that possible? How-to? Which directions to look for a solution?
The system is RHEL7/CentOS7 and runs using VMWare (web console logout should also be logged).
回答1:
You might need too different solutions.
- For normal sessions, which will have a login event, you can set a trap on the 'EXIT' event. This will cover explicit logout (CTRL/D, or exit), gettng killed by signal (NOT signal 9), and timeout. Look for bash 'trap' command. Those can be set at the loginn startup script (bashrc)
- For SSH sessions, setting the remote 'bashrc' will make it possible to capture end of session (including timeout, signal).
EDIT
It's possible to get indication of 'TIMEOUT' by checking '$?' in the TRAP handler. It will be 142 corresponding to ALRM signal (kill -l 142=ARLM). This is not explicitly document, but is consistent with the default signal handler for kill -ALRM.
function my_trap {
local X=$1
if [ "$X" = "$(kill -l ALRM)" ] ; then
Log Timeout
else
Log Exit/EOF
fi
}
trap 'my_trap $?' EXIT
来源:https://stackoverflow.com/questions/58501165/distinguish-between-user-logout-and-session-expired-logout-ssh-and-web-console