From 1618620d42518f9166495bd5f54ce8cb2c0e2c6f Mon Sep 17 00:00:00 2001
From: Marc Schoechlin <marc.schoechlin@dmc.de>
Date: Thu, 17 Oct 2013 11:05:28 +0200
Subject: [PATCH] Bugfix for remote command execution

---
 helpers/auditshell | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/helpers/auditshell b/helpers/auditshell
index a4a2d98..c7023e4 100755
--- a/helpers/auditshell
+++ b/helpers/auditshell
@@ -2,10 +2,14 @@
 
 IDENT="`date --date="today" "+%Y-%m-%d_%H-%M-%S"`.`whoami`.$$"
 
-
 # This is a file transfer, no audit shell neccessary
-if (echo "$@"|egrep -q ".*scp.*");then
+if (echo "$@"|egrep -q "^-c.*scp.*$");then
+ logger -t auditshell.filetransfer.${IDENT} <<< "/bin/sh $@"
  exec /bin/sh "$@"
+# Remote command execution
+elif (echo "$@"|egrep -q "^-c.*$");then
+ logger -t auditshell.remotecommand.${IDENT} <<< "/bin/bash $@"
+ exec /bin/bash "$@"
 fi
 
 TYPESCRIPT="auditshell.typescript.${IDENT}"