acct，最初这个服务是在FreeBSD看到的，后来发现它是GNU软件的一部分，是一个多平台支持的程序.
主页: https://www.gnu.org/software/acct/
源码: http://mirrors.ustc.edu.cn/gnu/acct/

安装

# apt install acct

使用

# mkdir /var/account/ && touch /var/account/pacct   # 创建用来记录的文件
# accton /var/account/pacct # 开启记录

这样系统用户的命令执行和一些调用就会存入这个文件.

# lastcomm -f /var/account/pacct # 打印这个文件的记录

比如我的记录

bash              F    root     pts/4      0.00 secs Sun Feb 24 04:58
dircolors              root     pts/4      0.00 secs Sun Feb 24 04:58
xauth            S     root     pts/4      0.00 secs Sun Feb 24 04:58
xauth            S     luhux    pts/4      0.00 secs Sun Feb 24 04:58
ls                     luhux    pts/4      0.00 secs Sun Feb 24 04:58
chmod                  luhux    pts/4      0.00 secs Sun Feb 24 04:58
ls                     luhux    pts/4      0.00 secs Sun Feb 24 04:58
sh                     luhux    pts/4      0.00 secs Sun Feb 24 04:58
uname                  luhux    pts/4      0.00 secs Sun Feb 24 04:58
vim                  X luhux    pts/4      0.43 secs Sun Feb 24 04:58
ldconfig               luhux    pts/4      0.00 secs Sun Feb 24 04:58
ldconfig               luhux    pts/4      0.00 secs Sun Feb 24 04:58
ls                     luhux    pts/4      0.00 secs Sun Feb 24 04:58
su               S     luhux    pts/4      0.01 secs Sun Feb 24 04:29
bash             S     root     pts/4      0.21 secs Sun Feb 24 04:29
ls                     root     pts/4      0.00 secs Sun Feb 24 04:58
lastcomm               root     pts/4      0.00 secs Sun Feb 24 04:57
ls                     root     pts/4      0.00 secs Sun Feb 24 04:57
vim                    root     pts/4      0.01 secs Sun Feb 24 04:57
accton                 root     pts/4      0.00 secs Sun Feb 24 04:54
ls                     root     pts/4      0.00 secs Sun Feb 24 04:54
kworker/dying     F    root     __         0.11 secs Sun Feb 24 04:23
grep                   root     pts/4      0.00 secs Sun Feb 24 04:53
ps               S     root     pts/4      0.00 secs Sun Feb 24 04:53
ls                     root     pts/4      0.00 secs Sun Feb 24 04:53
ls                     root     pts/4      0.00 secs Sun Feb 24 04:53
ls                     root     pts/4      0.00 secs Sun Feb 24 04:53
ls                     root     pts/4      0.00 secs Sun Feb 24 04:53
bash              F    root     pts/4      0.00 secs Sun Feb 24 04:53
ls                     root     pts/4      0.00 secs Sun Feb 24 04:53

它会记录系统的所有账户的命令执行和一些调用

systemd

 # systemctl enable acct.service

openrc

# rc-update add acct boot

如果没有提供服务

自己新建一个脚本：

#!/bin/sh 

PACCT=/var/account/pacct

SERVICE="acct"
EXECBIN="/sbin/accton "   # 根据自己安装的路径改

start ()
{
	${EXECBIN} ${PACCT}
	echo "${SERVICE} 正在启动"
}

stop ()
{
     ${EXECBIN} off
     echo "正在关闭 ${SERVICE}"
}

restart ()
{
	stop
	start
}

case $1 in
	start)
	start
	;;
	stop)
	stop
	;;
	restart)
	restart
	;;
esac

写入一个脚本并加入开机脚本中

# echo '/路径/脚本 start' >> /etc/rc.local
# chmod +x /etc/rc.local

这恐怕是用作生产环境的