
Merge branch 'master' of github.com:scoopex/scriptreplay_ng

pull/1/head
Marc Schoechlin 12 years ago
parent
commit
81c4444fd7
3 changed files with 30 additions and 6 deletions
  1. +1
    -1
      README.md
  2. +12
    -1
      helpers/auditshell
  3. +17
    -4
      helpers/auditshell_create_sessionfiles

+ 1
- 1
README.md View File

@ -134,7 +134,7 @@ The logged information can also be forwarded to secured logging servers using st
apt-get install libtoolize libtool autopoint pkg-config make gcc
zypper install libtool gettext-tools pkg-config make gcc autoconf automake
```
* Patch an install custom "script" implementation
* Patch and install custom "script" implementation
```bash
cd helpers/


+ 12
- 1
helpers/auditshell View File

@ -2,6 +2,12 @@
IDENT="`date --date="today" "+%Y-%m-%d_%H-%M-%S"`.`whoami`.$$"
# This is a file transfer, no audit shell neccessary
if (echo "$@"|egrep -q ".*scp.*");then
exec /bin/sh "$@"
fi
TYPESCRIPT="auditshell.typescript.${IDENT}"
TIMING="auditshell.timing.${IDENT}"
@ -16,6 +22,11 @@ cat <<EOF
NOTE: This shell session will be recorded
AUDIT KEY: $IDENT
EOF
exec /usr/local/bin/script -d -f -q -t 5 5> >(logger -t $TYPESCRIPT) 2> >(logger -t $TIMING)
exec /usr/local/bin/script -d -e -f -q -t 5 \
5> >(base64|logger -t $TYPESCRIPT) \
2> >(base64|logger -t $TIMING)
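Review bot: The scp short-cut added at the top of the first hunk, `if (echo "$@"|egrep -q ".*scp.*")`, matches the substring anywhere in the arguments, so any command line that merely contains `scp` (a path component, an option value, part of a longer word) is handed to `/bin/sh "$@"` without being recorded, and the whole audit depends on this one test. Anchor it to the command word instead, e.g. `case "$2" in scp\ *) exec /bin/sh "$@" ;; esac` — this assumes sshd invokes the login shell as `-c "scp ..."`, which the hunk does not show, so confirm the argument layout before changing it — or at least `grep -qE '^scp( |$)'` on the command argument rather than on the joined `$@`. The redirects at the end of the second hunk now pass through `base64`, which keeps raw terminal bytes out of syslog; `$TYPESCRIPT` and `$TIMING` are built from date, `whoami` and `$$`, so the unquoted `-t $TYPESCRIPT` only holds as long as user names contain no whitespace — `-t "$TYPESCRIPT"` costs nothing.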

+ 17
- 4
helpers/auditshell_create_sessionfiles View File

@ -12,6 +12,13 @@ if ( (!defined $file) || (!defined $file) ){
exit(1);
}
chdir($dir);
unless(chdir($dir))
{
die "Error: Can't change directory!: $!";
}
open( INFILE, "<$file" ) || die "input-file '$file' could not be opened";
my $fdcache = {};
@ -25,10 +32,10 @@ while (my $zeile = <INFILE>) {
if ( !exists $fdcache->{$ident}){
$fdcache->{$ident} = {};
print "Open $ident.typescript\n";
$fdcache->{$ident}->{typescript} = FileHandle->new("> $ident.typescript");
print "Open $ident.timing\n";
$fdcache->{$ident}->{timing} = FileHandle->new("> $ident.timing");
print "Create $ident.typescript.base64\n";
$fdcache->{$ident}->{typescript} = FileHandle->new("> $ident.typescript.base64");
print "Create $ident.timing.base64\n";
$fdcache->{$ident}->{timing} = FileHandle->new("> $ident.timing.base64");
}
my $fd = $fdcache->{$ident}->{$type};
@ -41,4 +48,10 @@ close(INFILE);
foreach my $ident(keys %{$fdcache}){
close $fdcache->{$ident}->{typescript};
close $fdcache->{$ident}->{timing};
system("base64 -d $ident.typescript.base64 |gzip -c > $ident.typescript.gz");
system("base64 -d $ident.timing.base64 |gzip -c > $ident.timing.gz");
unlink("$ident.timing.base64");
unlink("$ident.typescript.base64");
print "removed $ident.typescript.base64, created $ident.typescript.gz\n";
print "removed $ident.timing.base64, created $ident.timing.gz\n";
}
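Review bot: In the last hunk `unlink("$ident.timing.base64")` and `unlink("$ident.typescript.base64")` run regardless of whether the preceding `system("base64 -d ... |gzip -c > ...")` calls succeeded, so a failing `base64`/`gzip` (disk full, missing tool, corrupt input) deletes the only copy of the session and leaves a truncated `.gz` behind; the return value of `system` must be checked before the source is removed. `$ident` is also interpolated straight into a shell command line and into the `FileHandle->new("> $ident...")` open strings of the second hunk, and it appears to be parsed from the input file (the parsing is outside these hunks), so it should be confined to the `date.user.pid` shape the auditshell produces before it reaches the shell. The `FileHandle->new` calls in the second hunk are likewise unchecked; `... or die "Can't create $ident.typescript.base64: $!"` surfaces the error where it happens instead of at the first write. The `foreach` loop starts and ends inside the last hunk; the rewritten loop below folds the two near-identical halves together and keeps the `.base64` file when conversion fails.
```perl
foreach my $ident (keys %{$fdcache}) {
    close $fdcache->{$ident}->{typescript};
    close $fdcache->{$ident}->{timing};
    # $ident is taken from the input file; confine it to the
    # date.user.pid shape before it is interpolated into a shell command
    die "Error: unexpected session identifier '$ident'"
        unless $ident =~ /\A[\w.-]+\z/;
    foreach my $kind (qw(typescript timing)) {
        my $b64 = "$ident.$kind.base64";
        my $gz  = "$ident.$kind.gz";
        if (system("base64 -d $b64 | gzip -c > $gz") != 0) {
            warn "Error: could not convert $b64 (status $?), keeping it\n";
            next;
        }
        unlink($b64);
        print "removed $b64, created $gz\n";
    }
}
```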
