You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37 lines
1.1 KiB
37 lines
1.1 KiB
#!/bin/bash -l
|
|
|
|
IDENT="`date --date="today" "+%Y-%m-%d_%H-%M-%S"`.`whoami`.$$"
|
|
|
|
# This is a file transfer, no audit shell neccessary
|
|
if (echo "$@"|egrep -q "^-c.*scp.*$");then
|
|
logger -t auditshell.filetransfer.${IDENT} <<< "/bin/sh $@"
|
|
exec /bin/sh "$@"
|
|
# Remote command execution
|
|
elif (echo "$@"|egrep -q "^-c.*$");then
|
|
logger -t auditshell.remotecommand.${IDENT} <<< "/bin/bash $@"
|
|
exec /bin/bash "$@"
|
|
fi
|
|
|
|
TYPESCRIPT="auditshell.typescript.${IDENT}"
|
|
TIMING="auditshell.timing.${IDENT}"
|
|
|
|
export SHELL=/bin/bash
|
|
|
|
cat <<EOF
|
|
_ _ _ ____ ___ _____ ____ _ _ _____ _ _
|
|
/ \ | | | | _ \_ _|_ _/ ___|| | | | ____| | | |
|
|
/ _ \| | | | | | | | | | \___ \| |_| | _| | | | |
|
|
/ ___ \ |_| | |_| | | | | ___) | _ | |___| |___| |___
|
|
/_/ \_\___/|____/___| |_| |____/|_| |_|_____|_____|_____|
|
|
|
|
|
|
NOTE: This shell session will be recorded
|
|
|
|
AUDIT KEY: $IDENT
|
|
|
|
EOF
|
|
|
|
/usr/local/bin/script -d -e -f -q -t 5 \
|
|
5> >(base64|logger -t $TYPESCRIPT) \
|
|
2> >(base64|logger -t $TIMING)
|
|
echo "Finish"
|