#!/bin/bash -l

IDENT="`date --date="today" "+%Y-%m-%d_%H-%M-%S"`.`whoami`.$$"

# This is a file transfer, no audit shell neccessary
if (echo "$@"|egrep -q "^-c.*scp.*$");then
 logger -t auditshell.filetransfer.${IDENT} <<< "/bin/sh $@"
 exec /bin/sh "$@"
# Remote command execution
elif (echo "$@"|egrep -q "^-c.*$");then
 logger -t auditshell.remotecommand.${IDENT} <<< "/bin/bash $@"
 exec /bin/bash "$@"
fi

TYPESCRIPT="auditshell.typescript.${IDENT}"
TIMING="auditshell.timing.${IDENT}"

export SHELL=/bin/bash

cat <<EOF
    _   _   _ ____ ___ _____ ____  _   _ _____ _     _     
   / \ | | | |  _ \_ _|_   _/ ___|| | | | ____| |   | |    
  / _ \| | | | | | | |  | | \___ \| |_| |  _| | |   | |    
 / ___ \ |_| | |_| | |  | |  ___) |  _  | |___| |___| |___ 
/_/   \_\___/|____/___| |_| |____/|_| |_|_____|_____|_____|
   

NOTE: This shell session will be recorded                                                         

AUDIT KEY: $IDENT

EOF

/usr/local/bin/script -d -e -f -q -t 5 \
        5> >(base64|logger -t $TYPESCRIPT)  \
        2> >(base64|logger -t $TIMING) 
echo "Finish"