Log all operations of a terminal session
script records the output of everything a user does in a terminal session, like a video recorder for the terminal. For example, as the user types a command, every character typed or deleted is recorded as well. All user operations on the terminal, the terminal echo and other information are stored in a log file in raw format, called the terminal data file. The timing information of the commands is stored separately, in a different structure, in a second log file called the time log file. Use the command exit or the shortcut key Ctrl + D to stop recording.
script(option)(parameter)
-a, --append # Write the operation information of the terminal session to the file in append mode (retaining the original file content)
-c, --command command # Run only the given command instead of opening an interactive terminal. Equivalent to starting script, executing command, and then exiting script
# command can be any command that can be executed in a terminal session
-e, --return # Return the exit status code of the child process
-f, --flush # Every time the content of the terminal changes, write it to the log file immediately
--force # Allow the default output terminal data file to be a symbolic link
-o, --output-limit size # Limit the size of terminal data files and time log files. When the file size reaches this limit, the child process will exit.
# The unit of size can be set to: KiB(=1024), KB(=1000), MiB(=1024*1024), MB(=1000*1000)
# In the same way, it also supports GiB TiB PiB EiB ZiB YiB GB TB PB EB ZB YB
-q, --quiet # Quiet mode. Start and exit script commands without displaying any prompts
-t[file], --timing[=file] # Output time log information to standard error (stderr) or file
-V, --version # Display version information and exit
-h, --help # Display help text and exit
script # Turn on recording. By default, a file named typescript will be created in the current directory to save the terminal data file.
script command.log # Turn on logging and create a file named command.log in the current directory to save the terminal data file
script -t 2>time.file command.log # Turn on logging and create a file named command.log in the current directory to save the terminal data file
# Create a file named time.file in the current directory to save the time log file
Record terminal information in append mode
zfb@localhost:~$ script -t 2>time.file -a -f command.log
Script started, file is command.log
zfb@localhost:~$ echo "hello, world"
hello, world
zfb@localhost:~$ echo $(date "+%Y-%m-%d %H:%M:%S")
2020-12-23 20:48:46
zfb@localhost:~$ echo "Bye"
Bye
zfb@localhost:~$ ls -al
total 20
drwxr-xr-x 2 zfb zfb 4096 Dec 23 20:48 .
drwxr-xr-x 37 zfb zfb 4096 Dec 23 20:49 ..
-rw-r--r-- 1 zfb zfb 0 Dec 23 19:03 a.txt
-rw-r--r-- 1 zfb zfb 12 Dec 23 19:04 b.txt
-rw-r--r-- 1 zfb zfb 2744 Dec 23 20:49 command.log
-rw-r--r-- 1 zfb zfb 790 Dec 23 20:49 time.file
zfb@localhost:~$ exit
Script done, file is command.log
zfb@localhost:~$
The user can then view the terminal data file and use it as follows:
zfb@localhost:~$ cat command.log
Script started on 2020-12-23 20:48:25+08:00 [TERM="xterm-256color" TTY="/dev/pts/0" COLUMNS="75" LINES="30"]
zfb@localhost:~$ echo "hello, world"
hello, world
zfb@localhost:~$ echo $(date "+%Y-%m-%d %H:%M:%S")
2020-12-23 20:48:46
zfb@localhost:~$ echo "Bye"
Bye
zfb@localhost:~$ ls -al
total 20
drwxr-xr-x 2 zfb zfb 4096 Dec 23 20:48 .
drwxr-xr-x 37 zfb zfb 4096 Dec 23 20:49 ..
-rw-r--r-- 1 zfb zfb 0 Dec 23 19:03 a.txt
-rw-r--r-- 1 zfb zfb 12 Dec 23 19:04 b.txt
-rw-r--r-- 1 zfb zfb 2744 Dec 23 20:49 command.log
-rw-r--r-- 1 zfb zfb 790 Dec 23 20:49 time.file
zfb@localhost:~$ exit
Script done on 2020-12-23 20:49:04+08:00 [COMMAND_EXIT_CODE="0"]
zfb@localhost:~$
Of the lines above, only the command cat command.log is user input; everything else is displayed automatically. The time 2020-12-23 20:48:46 in the output shows that this is a reproduced record rather than a re-execution of the command. In other words, you can move the time.file and command.log files to any machine and reproduce the command input and terminal echo there.
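For review or forensics it is often more useful to turn the two files into a timestamped timeline than to replay them. The following Python sketch is an added example, not part of the original page: it assumes the classic two-column timing format written by script -t (delay in seconds, then byte count), and that the "Script started on" header line is not counted in the timing data; the sample log and timing data are constructed.

```python
import re
from datetime import datetime, timedelta

HEADER_RE = re.compile(rb"^Script started on (\S+ \S+)")

# Constructed sample: a terminal data file and its matching time log.
SAMPLE_LOG = (
    b'Script started on 2020-12-23 20:48:25+08:00 [TERM="xterm-256color"]\n'
    b'$ echo "Bye"\r\nBye\r\n$ exit\r\n'
)
SAMPLE_TIMING = "0.5 2\n10.0 12\n0.25 5\n9.25 8\n"


def parse_timeline(typescript: bytes, timing: str):
    """Return [(absolute_time, output_bytes), ...] for one recorded session."""
    header, _, body = typescript.partition(b"\n")
    m = HEADER_RE.match(header)
    if not m:
        raise ValueError("typescript has no 'Script started on' header")
    # Header timestamp in the form shown on this page: 2020-12-23 20:48:25+08:00
    clock = datetime.fromisoformat(m.group(1).decode())
    events, offset = [], 0
    for lineno, line in enumerate(timing.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"timing line {lineno}: expected 'delay bytes'")
        delay, count = float(fields[0]), int(fields[1])
        clock += timedelta(seconds=delay)  # delays are relative to the previous chunk
        chunk = body[offset:offset + count]
        if len(chunk) < count:
            # The time log claims more bytes than the data file holds:
            # the data file was truncated or edited after recording.
            raise ValueError(f"timing line {lineno}: data file too short")
        events.append((clock, chunk))
        offset += count
    return events


if __name__ == "__main__":
    for when, chunk in parse_timeline(SAMPLE_LOG, SAMPLE_TIMING):
        print(when.isoformat(), repr(chunk))
```

A mismatch between the byte counts in the time log and the size of the data file is a quick sign that one of the two files was altered after the session was recorded.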
Record server user session operations
Edit the file /etc/profile as root and append the following content at the end of the file:
if [ $UID -ge 0 ]
then
exec /usr/bin/script -t 2>/var/log/script-records/$USER-$UID-`date +%Y%m%d`.time -a -f -q /var/log/script-records/$USER-$UID-`date +%Y%m%d`.log
fi
Then, as root, create a folder to store the terminal operation records of every user on the server:
sudo mkdir -p /var/log/script-records/
sudo chmod 733 /var/log/script-records/
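Finally, execute the command source /etc/profile. All operations performed on the terminal by any user (UID ≥ 0) will be silently recorded and stored by day. Note that each log file is created by, and owned by, the user being recorded, so that user can also modify or delete it; this setup is a convenience record rather than a tamper-resistant audit trail.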