From 9ad48df6c2875e63e42dff31982ac77e44d91c8c Mon Sep 17 00:00:00 2001 From: Marc Schoechlin Date: Fri, 13 Sep 2013 15:09:54 +0200 Subject: [PATCH 1/3] Minimal improvments --- helpers/auditshell | 2 +- helpers/auditshell_aclocal.patch | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 helpers/auditshell_aclocal.patch diff --git a/helpers/auditshell b/helpers/auditshell index 9c13d17..2cd185e 100755 --- a/helpers/auditshell +++ b/helpers/auditshell @@ -18,4 +18,4 @@ cat < >(logger -t $TYPESCRIPT) 2> >(logger -t $TIMING) +exec /usr/local/bin/script -d -e -f -q -t 5 5> >(logger -t $TYPESCRIPT) 2> >(logger -t $TIMING) diff --git a/helpers/auditshell_aclocal.patch b/helpers/auditshell_aclocal.patch new file mode 100644 index 0000000..50bc7c4 --- /dev/null +++ b/helpers/auditshell_aclocal.patch @@ -0,0 +1,14 @@ +diff --git a/configure.ac b/configure.ac +index d24ed8f..19f79e7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -10,7 +10,7 @@ AC_CONFIG_MACRO_DIR([m4]) + dnl AC_USE_SYSTEM_EXTENSIONS must be called before any macros that run + dnl the compiler (like AC_PROG_LIBTOOL) to avoid autoconf errors. + AC_USE_SYSTEM_EXTENSIONS +-AM_INIT_AUTOMAKE([-Wall foreign 1.10 tar-pax dist-bzip2 no-dist-gzip dist-xz -Wno-portability subdir-objects]) ++AM_INIT_AUTOMAKE([-Wall foreign 1.10 tar-pax dist-bzip2 no-dist-gzip -Wno-portability subdir-objects]) + + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])], + [AC_SUBST([AM_DEFAULT_VERBOSITY], [1])]) + From 9a196e6486b14f10e3de2e63b2f81e88203dacb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Sch=C3=B6chlin?= Date: Fri, 13 Sep 2013 15:15:55 +0200 Subject: [PATCH 2/3] Typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5e8198a..b52ca47 100644 --- a/README.md +++ b/README.md 
@@ -134,7 +134,7 @@ The logged information can also be forwarded to secured logging servers using st apt-get install libtoolize libtool autopoint pkg-config make gcc zypper install libtool gettext-tools pkg-config make gcc ``` - * Patch an install custom "script" implementation + * Patch and install custom "script" implementation ```bash cd helpers/ From 2c121f4904dc7311223cb07bc2ae285fcfd9902f Mon Sep 17 00:00:00 2001 From: root Date: Fri, 13 Sep 2013 17:05:09 +0200 Subject: [PATCH 3/3] Improved escapeing stability --- helpers/auditshell | 13 ++++++++++++- helpers/auditshell_aclocal.patch | 14 -------------- helpers/auditshell_create_sessionfiles | 21 +++++++++++++++++---- 3 files changed, 29 insertions(+), 19 deletions(-) delete mode 100644 helpers/auditshell_aclocal.patch diff --git a/helpers/auditshell b/helpers/auditshell index 2cd185e..80698da 100755 --- a/helpers/auditshell +++ b/helpers/auditshell @@ -2,6 +2,12 @@ IDENT="`date --date="today" "+%Y-%m-%d_%H-%M-%S"`.`whoami`.$$" + +# This is a file transfer, no audit shell neccessary +if (echo "$@"|egrep -q ".*scp.*");then + exec /bin/sh "$@" +fi + TYPESCRIPT="auditshell.typescript.${IDENT}" TIMING="auditshell.timing.${IDENT}" @@ -16,6 +22,11 @@ cat < >(logger -t $TYPESCRIPT) 2> >(logger -t $TIMING) +exec /usr/local/bin/script -d -e -f -q -t 5 \ + 5> >(base64|logger -t $TYPESCRIPT) \ + 2> >(base64|logger -t $TIMING) diff --git a/helpers/auditshell_aclocal.patch b/helpers/auditshell_aclocal.patch deleted file mode 100644 index 50bc7c4..0000000 --- a/helpers/auditshell_aclocal.patch +++ /dev/null 
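Review bot: The scp test in the added `if` is an unanchored substring match over all arguments (`egrep -q ".*scp.*"`), so any invocation whose text merely contains "scp" is handed to `/bin/sh` without the `script` recording, and nothing about it reaches syslog. For an audit shell that is an unrecorded path around the session log. The check should look only at the command string (presumably `$2` after `-c`; confirm how sshd invokes this shell), require `scp` as the first word with its server-side options, and fall through to the recorded session for anything else. Whatever the match ends up being, leave a record before the `exec`, for example `logger -t "auditshell.scp.${IDENT}" -- "$*"` (the tag name is only a suggestion).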
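Review bot: Piping the capture through `base64` in `5> >(base64|logger -t $TYPESCRIPT)` and `2> >(base64|logger -t $TIMING)` puts an undocumented buffering stage between `script -f` and syslog. If the `base64` on the target hosts reads its input in large blocks (GNU coreutils does as far as I know, worth confirming), data reaches `logger` only when a block fills or the session ends, so a killed session or a host crash can lose the tail of the record. A comment above the `exec` should state why the streams are encoded and that forwarding is no longer near-real-time, for example `# base64 keeps control characters out of syslog; output is block-buffered, so records can lag the session`. The start of this hunk (the here-document) is not readable on this page.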
@@ -1,14 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index d24ed8f..19f79e7 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -10,7 +10,7 @@ AC_CONFIG_MACRO_DIR([m4]) - dnl AC_USE_SYSTEM_EXTENSIONS must be called before any macros that run - dnl the compiler (like AC_PROG_LIBTOOL) to avoid autoconf errors. - AC_USE_SYSTEM_EXTENSIONS --AM_INIT_AUTOMAKE([-Wall foreign 1.10 tar-pax dist-bzip2 no-dist-gzip dist-xz -Wno-portability subdir-objects]) -+AM_INIT_AUTOMAKE([-Wall foreign 1.10 tar-pax dist-bzip2 no-dist-gzip -Wno-portability subdir-objects]) - - m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])], - [AC_SUBST([AM_DEFAULT_VERBOSITY], [1])]) - diff --git a/helpers/auditshell_create_sessionfiles b/helpers/auditshell_create_sessionfiles index 2d1126c..bf23113 100755 --- a/helpers/auditshell_create_sessionfiles +++ b/helpers/auditshell_create_sessionfiles @@ -12,6 +12,13 @@ if ( (!defined $file) || (!defined $file) ){ exit(1); } +chdir($dir); + +unless(chdir($dir)) +{ + die "Error: Can't change directory!: $!"; +} + open( INFILE, "<$file" ) || die "input-file '$file' could not be opened"; my $fdcache = {}; @@ -25,10 +32,10 @@ while (my $zeile = ) { if ( !exists $fdcache->{$ident}){ $fdcache->{$ident} = {}; - print "Open $ident.typescript\n"; - $fdcache->{$ident}->{typescript} = FileHandle->new("> $ident.typescript"); - print "Open $ident.timing\n"; - $fdcache->{$ident}->{timing} = FileHandle->new("> $ident.timing"); + print "Create $ident.typescript.base64\n"; + $fdcache->{$ident}->{typescript} = FileHandle->new("> $ident.typescript.base64"); + print "Create $ident.timing.base64\n"; + $fdcache->{$ident}->{timing} = FileHandle->new("> $ident.timing.base64"); } my $fd = $fdcache->{$ident}->{$type}; 
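Review bot: `chdir($dir)` is called twice in the added lines of the `@@ -12,6 +12,13 @@` hunk: once unchecked, then again inside `unless(chdir($dir))`. When `$dir` is a relative path the first call already moves into it, so the second call resolves `$dir` against the new directory and the script dies even though the directory exists. Drop the bare call and keep a single checked one, `chdir($dir) or die "Error: Can't change directory to '$dir': $!";`. The argument check visible in the hunk header tests `$file` twice, so `$dir` may be undefined here; that line is outside the change but worth fixing with it.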
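Review bot: `$ident` is used unvalidated to build file names in `FileHandle->new("> $ident.typescript.base64")` and `FileHandle->new("> $ident.timing.base64")`, and the same value is interpolated into shell command lines in the `@@ -41,4 +48,10 @@` hunk of this file. It is parsed from lines of the input log (the parsing is outside this hunk), and if the collecting syslog accepts messages from ordinary users or other hosts, that tag is not trustworthy. Check it once when it is first seen, e.g. `next unless $ident =~ /\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\z/;` (adjust to the real tag format). Open with an explicit mode and test the result: `FileHandle->new("$ident.typescript.base64", "w") or die "Error: can't create $ident.typescript.base64: $!";`. The enclosing `while` loop starts and ends outside the hunk.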
@@ -41,4 +48,10 @@ close(INFILE);
 foreach my $ident(keys %{$fdcache}){
 close $fdcache->{$ident}->{typescript};
 close $fdcache->{$ident}->{timing};
+ system("base64 -d $ident.typescript.base64 |gzip -c > $ident.typescript.gz");
+ system("base64 -d $ident.timing.base64 |gzip -c > $ident.timing.gz");
+ unlink("$ident.timing.base64");
+ unlink("$ident.typescript.base64");
+ print "removed $ident.typescript.base64, created $ident.typescript.gz\n";
+ print "removed $ident.timing.base64, created $ident.timing.gz\n";
 }
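Review bot: The two `unlink` calls run whether or not the `system(...)` conversions succeeded, and neither exit status is checked, so a failed decode (full disk, missing `base64`, truncated input) removes the only copy of the session record. The commands are also single strings run through the shell with `$ident` interpolated, and a pipeline's status would only reflect `gzip`, not `base64 -d`. The conversion is better done in-process with the core modules `MIME::Base64` and `IO::Compress::Gzip` (both need a `use` line at the top of the file), deleting the `.base64` file only after the `.gz` has been closed cleanly. The fence assumes each input line is a complete base64 line as `base64` emits them; confirm against what syslog actually delivers.

```perl
foreach my $ident(keys %{$fdcache}){
    # … unchanged: close both file handles …
    for my $kind (qw(typescript timing)) {
        my $in  = "$ident.$kind.base64";
        my $out = "$ident.$kind.gz";
        open(my $b64, '<', $in) or die "Error: can't read '$in': $!";
        my $gz = IO::Compress::Gzip->new($out)
            or die "Error: can't create '$out': $IO::Compress::Gzip::GzipError";
        while (my $line = <$b64>) {
            $gz->print(MIME::Base64::decode_base64($line));
        }
        close($b64);
        $gz->close() or die "Error: can't finish '$out': $!";
        # Remove the capture only after the archive is complete.
        unlink($in) or warn "Warning: can't remove '$in': $!";
        print "removed $in, created $out\n";
    }
}
```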