====== SpyShell ====== This is a shell wrapper for the script program from bsdutils that can be used in /etc/passwd as a login shell to log everything an user does. #!/bin/bash # # spy shell by mcree@tricon.hu # # This is a shell wrapper for the script program from bsdutils # that can be used in /etc/passwd as a login shell to log # everything an user does. # # Protected by the General Public License v2 # export SHELL="/bin/bash" script="/usr/bin/script" mydir="/var/log/spyshell" whoami=`/usr/bin/whoami` date=`/bin/date +%s.%N` mytty=`/bin/ps hTotty | head -n1 | tr '/' '_'` myprefix="$mydir/$whoami/$date.$mytty.$$" mkdir -p "$mydir/$whoami" mycompress() { gzip -9 "$myprefix".* 2>/dev/null exit 0 } trap mycompress 0 if [ "$TERM" = "dumb" ]; then #noninteractive #set > $myprefix.dumb.env #echo "$*" > $myprefix.dumb.params #gzip "$myprefix".* ##strace -f -o $myprefix.strace /bin/bash "$@" exec $SHELL "$@" else #interactive if [ -z "$SPYSHELL" ]; then export SPYSHELL=yes set > $myprefix.env echo "$*" > $myprefix.params $script -f -q -t $myprefix.log 2>$myprefix.timing else #set > $myprefix.dumber.env #echo "$*" > $myprefix.dumber.params #gzip "$myprefix".* exec $SHELL "$@" fi fi {{tag>util security monitor log bash}} ~~LINKBACK~~