====== SpyShell ======

This is a shell wrapper for the script program from bsdutils that can be used in /etc/passwd as a login shell to log everything an user does. 

<code bash>
#!/bin/bash
#
# spy shell by mcree@tricon.hu
#
# This is a shell wrapper for the script program from bsdutils
# that can be used in /etc/passwd as a login shell to log
# everything an user does.
#
# Protected by the General Public License v2
#

export SHELL="/bin/bash"
script="/usr/bin/script"

mydir="/var/log/spyshell"
whoami=`/usr/bin/whoami`
date=`/bin/date +%s.%N`
mytty=`/bin/ps hTotty | head -n1 | tr '/' '_'`

myprefix="$mydir/$whoami/$date.$mytty.$$"
mkdir -p "$mydir/$whoami"

mycompress() {
    gzip -9 "$myprefix".* 2>/dev/null
    exit 0
}
trap mycompress 0

if [ "$TERM" = "dumb" ]; then    #noninteractive
    #set > $myprefix.dumb.env
    #echo "$*" > $myprefix.dumb.params
    #gzip "$myprefix".*
    ##strace -f -o $myprefix.strace /bin/bash "$@"
    exec $SHELL "$@"
else			         #interactive
    if [ -z "$SPYSHELL" ]; then
	export SPYSHELL=yes
	set > $myprefix.env
        echo "$*" > $myprefix.params
	$script -f -q -t $myprefix.log 2>$myprefix.timing
    else
	#set > $myprefix.dumber.env
	#echo "$*" > $myprefix.dumber.params
	#gzip "$myprefix".*
	exec $SHELL "$@"
    fi
fi
</code>

{{tag>util security monitor log bash}}

~~LINKBACK~~