#!/bin/bash -l

IDENT="`date --date="today" "+%Y-%m-%d_%H-%M-%S"`.`whoami`.$$"

LOGDIR="/var/log/auditshell/${IDENT}"
TYPESCRIPT="${LOGDIR}/typescript.${IDENT}"
TIMING="${LOGDIR}/timing.${IDENT}"


# This is a file transfer, no audit shell neccessary
if (echo "$@"|egrep -q "^-c.*scp.*$");then
 logger -t auditshell.filetransfer.${IDENT} <<< "/bin/sh $@"
 exec /bin/sh "$@"
# Remote command execution
elif (echo "$@"|egrep -q "^-c.*$");then
 logger -t auditshell.remotecommand.${IDENT} <<< "/bin/bash $@"
 exec /bin/bash "$@"
fi


if [ "$AUDITSHELL" ];then
   echo "INFO: already in a auditshell session"
   exit 1
fi

mkdir $LOGDIR
RET="$?"
if [ "$RET" != "0" ];then
   echo "ERROR: Creation of dir '$LOGDIR' failed, exitcode $RET"
   exit 1
fi 

export SHELL=/bin/bash

cat <<EOF
    _   _   _ ____ ___ _____ ____  _   _ _____ _     _     
   / \ | | | |  _ \_ _|_   _/ ___|| | | | ____| |   | |    
  / _ \| | | | | | | |  | | \___ \| |_| |  _| | |   | |    
 / ___ \ |_| | |_| | |  | |  ___) |  _  | |___| |___| |___ 
/_/   \_\___/|____/___| |_| |____/|_| |_|_____|_____|_____|
   

NOTE: This shell session will be recorded                                                         

AUDIT KEY: $IDENT

EOF

export AUDITSHELL="$IDENT"
umask 0077
logger -t auditshell.session.${IDENT} <<< "Starting auditshell session for user $USER"
script -f -e -q --timing=$TIMING $TYPESCRIPT -c "/bin/bash -l"
logger -t auditshell.session.${IDENT} <<< "Finished auditshell session for user $USER"

echo "AUDITSHELL FINISHED"