You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55 lines
1.5 KiB
55 lines
1.5 KiB
#!/bin/bash -l
|
|
|
|
IDENT="`date --date="today" "+%Y-%m-%d_%H-%M-%S"`.`whoami`.$$"
|
|
|
|
LOGDIR="/var/log/auditshell/${IDENT}"
|
|
TYPESCRIPT="${LOGDIR}/typescript.${IDENT}"
|
|
TIMING="${LOGDIR}/timing.${IDENT}"
|
|
|
|
|
|
# This is a file transfer, no audit shell neccessary
|
|
if (echo "$@"|egrep -q "^-c.*scp.*$");then
|
|
logger -t auditshell.filetransfer.${IDENT} <<< "/bin/sh $@"
|
|
exec /bin/sh "$@"
|
|
# Remote command execution
|
|
elif (echo "$@"|egrep -q "^-c.*$");then
|
|
logger -t auditshell.remotecommand.${IDENT} <<< "/bin/bash $@"
|
|
exec /bin/bash "$@"
|
|
fi
|
|
|
|
|
|
if [ "$AUDITSHELL" ];then
|
|
echo "INFO: already in a auditshell session"
|
|
exit 1
|
|
fi
|
|
|
|
mkdir $LOGDIR
|
|
RET="$?"
|
|
if [ "$RET" != "0" ];then
|
|
echo "ERROR: Creation of dir '$LOGDIR' failed, exitcode $RET"
|
|
exit 1
|
|
fi
|
|
|
|
export SHELL=/bin/bash
|
|
|
|
cat <<EOF
|
|
_ _ _ ____ ___ _____ ____ _ _ _____ _ _
|
|
/ \ | | | | _ \_ _|_ _/ ___|| | | | ____| | | |
|
|
/ _ \| | | | | | | | | | \___ \| |_| | _| | | | |
|
|
/ ___ \ |_| | |_| | | | | ___) | _ | |___| |___| |___
|
|
/_/ \_\___/|____/___| |_| |____/|_| |_|_____|_____|_____|
|
|
|
|
|
|
NOTE: This shell session will be recorded
|
|
|
|
AUDIT KEY: $IDENT
|
|
|
|
EOF
|
|
|
|
export AUDITSHELL="$IDENT"
|
|
umask 0077
|
|
logger -t auditshell.session.${IDENT} <<< "Starting auditshell session for user $USER"
|
|
script -f -e -q --timing=$TIMING $TYPESCRIPT -c "/bin/bash -l"
|
|
logger -t auditshell.session.${IDENT} <<< "Finished auditshell session for user $USER"
|
|
|
|
echo "AUDITSHELL FINISHED"
|