initial commit

chapter28/boracle

@@ -0,0 +1,123 @@
+#!/bin/ksh
+#
+# SCRIPT: "Banybody"   boracle - This time
+#
+# AUTHOR: Randy Michael
+# DATE: 05/08/2007
+# REV: 1.0.P
+# PLATFOEM: Any UNIX
+#
+# PURPOSE: This shell script is used to capture all "$EFF_USER" access by
+#          capturing all of the terminal data in a log file using
+#          the script command. This shell script is executed from the
+#          command line using sudo (Super User Do). The log file
+#          is kept locally and e-mailed to a log file administrative
+#          user either locally or on a remote machine. Sudo must be 
+#          configured for this shell script. Refer to your sudo notes.
+#          The effective user, currently oracle, can be changed by 
+#          setting the "EFF_USER" variable to another user, and changing
+#          the name of the script. This is why the original name of the
+#          script is called "Banybody"
+#
+# ORIGINAL USAGE:  sudo  Banybody
+#
+# THIS TIME USAGE ==> USAGE: sudo boracle
+#
+#
+# REV LIST:
+#          5/10/2007: Modified the script to replace the hardcoded username
+#                     with the variable $EFF_USER. This allows flexibility
+#                     to add auditing of more accounts be just changing
+#                     the EFF_USER variable and the script name.
+#
+# set -n # Uncomment to check syntax without any execution 
+# set -x # Uncomment to debug this shell script
+#
+#
+################# DEFINE EFFECTIVE USER ##################
+
+# This EFF_USER is the user name you want to be to execute
+# a shell in. An su command is used to switch to this user.
+
+EFF_USER=oracle
+
+############# DEFINE AUDIT LOG MANAGER ###################
+
+# This user receives all of the audit logs by e-mail. This
+# Log Manager can have a local or remote e-mail address. You
+# can add more than one e-mail address if you want by separating
+# each address with a space.
+
+LOG_SERVER=yogi
+LOG_MANAGER="logman@$LOG_SERVER" # List to email audit log
+
+# Set up the correct echo command usage.  Some Linux machines
+# may execute all scripts in Bash shell.
+
+case $(basename $SHELL) in
+bash) alias echo="echo -e"
+      ;;
+esac
+##########################################################
+################ DEFINE FUNCTIONS HERE ###################
+##########################################################
+
+cleanup_exit ()
+{
+# This function is executed on any type of exit except of course
+# a kill -9, which cannot be trapped. The script log file is
+# emailed either locally or remotely, and the log file is 
+# compressed. The last "exit" is needed so the user does not
+# have the ability to get to the command line without logging.
+
+if [[ -s ${LOGDIR}/${LOGFILE} ]] # Is it greater than zero bytes?
+then
+    mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER < ${LOGDIR}/${LOGFILE}
+    nohup compress ${LOGDIR}/${LOGFILE} &
+fi
+}
+
+# Set a trap
+
+trap 'cleanup_exit' 1 2 3 5 15
+
+##########################################################
+################ DEFINE VARIABLES HERE ###################
+##########################################################
+
+TS=$(date +%m%d%y%H%M%S)             # File time stamp
+THISHOST=$(hostname)                 # Host name of this machine
+LOGDIR=/usr/local/logs/script        # Directory to hold the logs
+LOGFILE=${THISHOST}.${EFF_USER}.$TS  # Creates the name of the log file
+touch $LOGDIR/$LOGFILE             # Creates the actual file
+TMOUT=300                          # Set the user's shell timeout!!!
+export TMOUT                       # Export the TMOUT variable 
+set -o vi 2>/dev/null              # To recall previous commands
+
+# set path to include /usr/local/bin
+echo $PATH|grep -q ':/usr/local/bin' || PATH=$PATH:/usr/local/bin
+
+# Set the command prompt to override the /.profile default prompt
+
+PS1="$THISHOST:b${EFF_USER}> "
+export PS1
+
+#################### RUN IT HERE ##########################
+
+chmod 666 ${LOGDIR}/${LOGFILE}     # Set permission to read/write for the owner
+
+# To get the script sesssion to work we have to use the switch user (su)
+# command with the -c flag, which means execute what follows. Sudo is also 
+# used just to ensure that root is executing the su command. We ARE executing
+# now as root, because this script was started with sudo. If a non-configured
+# sudo user tries to execute this command then it will fail unless sudo was
+# used to execute this script as root. Notice we are executing the script
+# command as "$EFF_USER". This variable is set at the top of the script. A
+# value such as "EFF_USER=oracle" is expected.
+
+sudo su - $EFF_USER -c "script ${LOGDIR}/${LOGFILE}"
+
+chmod 400 ${LOGDIR}/${LOGFILE}     # Set permission to read-only for the owner
+
+cleanup_exit                       # Execute the cleanup and exit function
+

chapter28/boracle.bash

@@ -0,0 +1,123 @@
+#!/bin/bash
+#
+# SCRIPT: "Banybody"   boracle.bash - This time
+#
+# AUTHOR: Randy Michael
+# DATE: 05/08/2007
+# REV: 1.0.P
+# PLATFOEM: Any UNIX
+#
+# PURPOSE: This shell script is used to capture all "$EFF_USER" access by
+#          capturing all of the terminal data in a log file using
+#          the script command. This shell script is executed from the
+#          command line using sudo (Super User Do). The log file
+#          is kept locally and e-mailed to a log file administrative
+#          user either locally or on a remote machine. Sudo must be 
+#          configured for this shell script. Refer to your sudo notes.
+#          The effective user, currently oracle, can be changed by 
+#          setting the "EFF_USER" variable to another user, and changing
+#          the name of the script. This is why the original name of the
+#          script is called "Banybody"
+#
+# ORIGINAL USAGE:  sudo  Banybody
+#
+# THIS TIME USAGE ==> USAGE: sudo boracle
+#
+#
+# REV LIST:
+#          5/10/2007: Modified the script to replace the hardcoded username
+#                     with the variable $EFF_USER. This allows flexibility
+#                     to add auditing of more accounts be just changing
+#                     the EFF_USER variable and the script name.
+#
+# set -n # Uncomment to check syntax without any execution 
+# set -x # Uncomment to debug this shell script
+#
+#
+################# DEFINE EFFECTIVE USER ##################
+
+# This EFF_USER is the user name you want to be to execute
+# a shell in. An su command is used to switch to this user.
+
+EFF_USER=oracle
+
+############# DEFINE AUDIT LOG MANAGER ###################
+
+# This user receives all of the audit logs by e-mail. This
+# Log Manager can have a local or remote e-mail address. You
+# can add more than one e-mail address if you want by separating
+# each address with a space.
+
+LOG_SERVER=yogi
+LOG_MANAGER="logman@$LOG_SERVER" # List to email audit log
+
+# Set up the correct echo command usage.  Some Linux machines
+# may execute all scripts in Bash shell.
+
+case $(basename $SHELL) in
+bash) alias echo="echo -e"
+      ;;
+esac
+##########################################################
+################ DEFINE FUNCTIONS HERE ###################
+##########################################################
+
+cleanup_exit ()
+{
+# This function is executed on any type of exit except of course
+# a kill -9, which cannot be trapped. The script log file is
+# emailed either locally or remotely, and the log file is 
+# compressed. The last "exit" is needed so the user does not
+# have the ability to get to the command line without logging.
+
+if [[ -s ${LOGDIR}/${LOGFILE} ]] # Is it greater than zero bytes?
+then
+    mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER < ${LOGDIR}/${LOGFILE}
+    nohup compress ${LOGDIR}/${LOGFILE} &
+fi
+}
+
+# Set a trap
+
+trap 'cleanup_exit' 1 2 3 5 15
+
+##########################################################
+################ DEFINE VARIABLES HERE ###################
+##########################################################
+
+TS=$(date +%m%d%y%H%M%S)             # File time stamp
+THISHOST=$(hostname)                 # Host name of this machine
+LOGDIR=/usr/local/logs/script        # Directory to hold the logs
+LOGFILE=${THISHOST}.${EFF_USER}.$TS  # Creates the name of the log file
+touch $LOGDIR/$LOGFILE             # Creates the actual file
+TMOUT=300                          # Set the user's shell timeout!!!
+export TMOUT                       # Export the TMOUT variable 
+set -o vi 2>/dev/null              # To recall previous commands
+
+# set path to include /usr/local/bin
+echo $PATH|grep -q ':/usr/local/bin' || PATH=$PATH:/usr/local/bin
+
+# Set the command prompt to override the /.profile default prompt
+
+PS1="$THISHOST:b${EFF_USER}> "
+export PS1
+
+#################### RUN IT HERE ##########################
+
+chmod 666 ${LOGDIR}/${LOGFILE}     # Set permission to read/write for the owner
+
+# To get the script sesssion to work we have to use the switch user (su)
+# command with the -c flag, which means execute what follows. Sudo is also 
+# used just to ensure that root is executing the su command. We ARE executing
+# now as root, because this script was started with sudo. If a non-configured
+# sudo user tries to execute this command then it will fail unless sudo was
+# used to execute this script as root. Notice we are executing the script
+# command as "$EFF_USER". This variable is set at the top of the script. A
+# value such as "EFF_USER=oracle" is expected.
+
+sudo su - $EFF_USER -c "script ${LOGDIR}/${LOGFILE}"
+
+chmod 400 ${LOGDIR}/${LOGFILE}     # Set permission to read-only for the owner
+
+cleanup_exit                       # Execute the cleanup and exit function
+

chapter28/broot

@@ -0,0 +1,94 @@
+#!/bin/ksh
+#
+# SCRIPT: broot
+#
+# AUTHOR: Randy Michael
+# DATE: 05/08/2007
+# REV: 1.0.P
+# PLATFORM: Any Unix
+#
+# PURPOSE: This shell script is used to monitor a login session by
+#          capturing all of the terminal data in a log file using
+#          the script command. This shell script name should be
+#          the last entry in the user.s $HOME/.profile. The log file
+#          is both kept locally and emailed to a log file
+#          administrative user either locally or on a remote machine.
+#
+# REV LIST:
+#
+#
+# set -n # Uncomment to check syntax without any execution
+# set -x # Uncomment to debug this shell script
+#
+############# DEFINE AUDIT LOG MANAGER ###################
+#
+# This user receives all of the audit logs by email. This
+# Log Manager can have a local or remote email address. You
+# can add more than one email address if you want by separating
+# each address with a space.
+
+LOG_MANAGER="logman" # List to email audit log
+
+##########################################################
+################ DEFINE FUNCTIONS HERE ###################
+##########################################################
+
+cleanup_exit ()
+{
+# This function is executed on any type of exit except of course
+# a kill -9, which cannot be trapped. The script log file is
+# emailed either locally or remotely, and the log file is
+# compressed. The last "exit" is needed so the user does not
+# have the ability to get to the command line without logging.
+
+if [[ -s ${LOGDIR}/${LOGFILE} ]]
+then
+     mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER \
+            < ${LOGDIR}/${LOGFILE}
+     compress ${LOGDIR}/${LOGFILE} 2>/dev/null
+fi
+exit
+}
+
+# Set a trap
+
+trap 'cleanup_exit' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 26
+
+##########################################################
+################ DEFINE VARIABLES HERE ###################
+##########################################################
+
+TS=$(date +%m%d%y%H%M%S)           # File time stamp
+THISHOST=$(hostname|cut -f1-2 -d.) # Host name of this machine
+LOGDIR=/usr/local/logs/script      # Directory to hold the logs
+LOGFILE=${THISHOST}.${LOGNAME}.$TS # Creates the name of the log file
+touch $LOGDIR/$LOGFILE             # Creates the actual file
+TMOUT=300                          # Set the root shell timeout!!!
+export TMOUT                       # Export the TMOUT variable
+
+# Run root's .profile if one exists
+
+if [[ -f $HOME/.profile ]]
+then
+     . $HOME/.profile
+fi
+
+# set path to include /usr/local/bin
+echo $PATH | grep -q ':/usr/local/bin' || PATH=$PATH:/usr/local/bin
+
+# Set the command prompt to override the /.profile default prompt
+
+PS1="$THISHOST:broot> "
+export PS1
+
+#################### RUN IT HERE ##########################
+
+chmod 600 ${LOGDIR}/${LOGFILE} # Change permission to RW for the owner
+
+script ${LOGDIR}/${LOGFILE} # Start the script monitoring session
+
+chmod 400 ${LOGDIR}/${LOGFILE} # Set permission to read-only 
+                               # for the owner
+
+cleanup_exit # Execute the cleanup and exit function
+

chapter28/broot.bash

@@ -0,0 +1,94 @@
+#!/bin/bash
+#
+# SCRIPT: broot.bash
+#
+# AUTHOR: Randy Michael
+# DATE: 05/08/2007
+# REV: 1.0.P
+# PLATFORM: Any Unix
+#
+# PURPOSE: This shell script is used to monitor a login session by
+#          capturing all of the terminal data in a log file using
+#          the script command. This shell script name should be
+#          the last entry in the user.s $HOME/.profile. The log file
+#          is both kept locally and emailed to a log file
+#          administrative user either locally or on a remote machine.
+#
+# REV LIST:
+#
+#
+# set -n # Uncomment to check syntax without any execution
+# set -x # Uncomment to debug this shell script
+#
+############# DEFINE AUDIT LOG MANAGER ###################
+#
+# This user receives all of the audit logs by email. This
+# Log Manager can have a local or remote email address. You
+# can add more than one email address if you want by separating
+# each address with a space.
+
+LOG_MANAGER="logman" # List to email audit log
+
+##########################################################
+################ DEFINE FUNCTIONS HERE ###################
+##########################################################
+
+cleanup_exit ()
+{
+# This function is executed on any type of exit except of course
+# a kill -9, which cannot be trapped. The script log file is
+# emailed either locally or remotely, and the log file is
+# compressed. The last "exit" is needed so the user does not
+# have the ability to get to the command line without logging.
+
+if [[ -s ${LOGDIR}/${LOGFILE} ]]
+then
+     mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER \
+            < ${LOGDIR}/${LOGFILE}
+     compress ${LOGDIR}/${LOGFILE} 2>/dev/null
+fi
+exit
+}
+
+# Set a trap
+
+trap 'cleanup_exit' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 26
+
+##########################################################
+################ DEFINE VARIABLES HERE ###################
+##########################################################
+
+TS=$(date +%m%d%y%H%M%S)           # File time stamp
+THISHOST=$(hostname|cut -f1-2 -d.) # Host name of this machine
+LOGDIR=/usr/local/logs/script      # Directory to hold the logs
+LOGFILE=${THISHOST}.${LOGNAME}.$TS # Creates the name of the log file
+touch $LOGDIR/$LOGFILE             # Creates the actual file
+TMOUT=300                          # Set the root shell timeout!!!
+export TMOUT                       # Export the TMOUT variable
+
+# Run root's .profile if one exists
+
+if [[ -f $HOME/.profile ]]
+then
+     . $HOME/.profile
+fi
+
+# set path to include /usr/local/bin
+echo $PATH | grep -q ':/usr/local/bin' || PATH=$PATH:/usr/local/bin
+
+# Set the command prompt to override the /.profile default prompt
+
+PS1="$THISHOST:broot> "
+export PS1
+
+#################### RUN IT HERE ##########################
+
+chmod 600 ${LOGDIR}/${LOGFILE} # Change permission to RW for the owner
+
+script ${LOGDIR}/${LOGFILE} # Start the script monitoring session
+
+chmod 400 ${LOGDIR}/${LOGFILE} # Set permission to read-only 
+                               # for the owner
+
+cleanup_exit # Execute the cleanup and exit function
+

chapter28/function_cleanup_exit

@@ -0,0 +1,15 @@
+cleanup_exit ()
+{
+# This function is executed on any type of exit except of course
+# a kill -9, which cannot be trapped. The script log file is
+# emailed either locally or remotely, and the log file is
+# compressed. The last "exit" is needed so the user does not
+# have the ability to get to the command line without logging.
+
+if [[ -s ${LOGDIR}/${LOGFILE} ]] # Is it greater than zero bytes?
+then
+    mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER < ${LOGDIR}/${LOGFILE}
+    nohup compress ${LOGDIR}/${LOGFILE} &
+fi
+}
+

chapter28/log_keystrokes.bash

@@ -0,0 +1,81 @@
+#!/bin/bash
+#
+# SCRIPT: log_keystrokes.bash
+#
+# AUTHOR: Randy Michael
+# DATE: 05/08/2007
+# REV: 1.0.P
+# PLATFOEM: Any UNIX
+#
+# PURPOSE: This shell script is used to monitor a login session by
+#          capturing all of the terminal data in a log file using
+#          the script command. This shell script name should be
+#          the last entry in the user's $HOME/.profile. The log file
+#          is both kept locally and e-mailed to a log file administrative
+#          user either locally or on a remote machine.
+#
+# REV LIST:
+#
+#
+# set -n # Uncomment to check syntax without any execution 
+# set -x # Uncomment to debug this shell script
+#
+############# DEFINE AUDIT LOG MANAGER ###################
+
+# This user receives all of the audit logs by e-mail. This
+# Log Manager can have a local or remote e-mail address. You
+# can add more than one e-mail address if you want by separating
+# each address with a space.
+
+LOG_MANAGER="logman"     # List to e-mail audit log
+
+##########################################################
+################ DEFINE FUNCTIONS HERE ###################
+##########################################################
+
+cleanup_exit ()
+{
+# This function is executed on any type of exit except of course
+# a kill -9, which cannot be trapped. The script log file is
+# e-mailed either locally or remotely and the log file is 
+# compressed. The last "exit" is needed so the user does not
+# have the ability to get to the command line without logging.
+
+if [[ -s ${LOGDIR}/${LOGFILE} ]]
+then
+    mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER \
+        < ${LOGDIR}/${LOGFILE}
+    compress ${LOGDIR}/${LOGFILE} 2>/dev/null 
+fi
+
+exit
+}
+
+# Set a trap
+
+trap 'cleanup_exit' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 26
+
+##########################################################
+################ DEFINE VARIABLES HERE ###################
+##########################################################
+
+TS=$(date +%m%d%y%H%M%S)           # File time stamp
+THISHOST=$(hostname|cut -f1-2 -d.) # Host name of this machine
+LOGDIR=/usr/local/logs/script      # Directory to hold the logs
+LOGFILE=${THISHOST}.${LOGNAME}.$TS # Creates the name of the log file
+touch $LOGDIR/$LOGFILE             # Creates the actual file
+set -o vi 2>/dev/null              # Previous commands recall
+
+# Set the command prompt
+export PS1="[$LOGNAME:$THISHOST]@"'$PWD> '
+
+#################### RUN IT HERE ##########################
+
+chmod 600 ${LOGDIR}/${LOGFILE}     # Change permission to RW for the owner
+
+script ${LOGDIR}/${LOGFILE}        # Start the script monitoring session
+
+chmod 400 ${LOGDIR}/${LOGFILE}     # Set permission to read-only for the owner
+
+cleanup_exit                       # Execute the cleanup and exit function
+

chapter28/log_keystrokes.ksh

@@ -0,0 +1,81 @@
+#!/bin/ksh
+#
+# SCRIPT: log_keystrokes.ksh
+#
+# AUTHOR: Randy Michael
+# DATE: 05/08/2002
+# REV: 1.0.P
+# PLATFOEM: Any UNIX
+#
+# PURPOSE: This shell script is used to monitor a login session by
+#          capturing all of the terminal data in a log file using
+#          the script command. This shell script name should be
+#          the last entry in the user's $HOME/.profile. The log file
+#          is both kept locally and e-mailed to a log file administrative
+#          user either locally or on a remote machine.
+#
+# REV LIST:
+#
+#
+# set -n # Uncomment to check syntax without any execution 
+# set -x # Uncomment to debug this shell script
+#
+############# DEFINE AUDIT LOG MANAGER ###################
+
+# This user receives all of the audit logs by e-mail. This
+# Log Manager can have a local or remote e-mail address. You
+# can add more than one e-mail address if you want by separating
+# each address with a space.
+
+LOG_MANAGER="logman"     # List to e-mail audit log
+
+##########################################################
+################ DEFINE FUNCTIONS HERE ###################
+##########################################################
+
+cleanup_exit ()
+{
+# This function is executed on any type of exit except of course
+# a kill -9, which cannot be trapped. The script log file is
+# e-mailed either locally or remotely and the log file is 
+# compressed. The last "exit" is needed so the user does not
+# have the ability to get to the command line without logging.
+
+if [[ -s ${LOGDIR}/${LOGFILE} ]]
+then
+    mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER \
+        < ${LOGDIR}/${LOGFILE}
+    compress ${LOGDIR}/${LOGFILE} 2>/dev/null 
+fi
+
+exit
+}
+
+# Set a trap
+
+trap 'cleanup_exit' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 26
+
+##########################################################
+################ DEFINE VARIABLES HERE ###################
+##########################################################
+
+TS=$(date +%m%d%y%H%M%S)           # File time stamp
+THISHOST=$(hostname|cut -f1-2 -d.) # Host name of this machine
+LOGDIR=/usr/local/logs/script      # Directory to hold the logs
+LOGFILE=${THISHOST}.${LOGNAME}.$TS # Creates the name of the log file
+touch $LOGDIR/$LOGFILE             # Creates the actual file
+set -o vi 2>/dev/null              # Previous commands recall
+
+# Set the command prompt
+export PS1="[$LOGNAME:$THISHOST]@"'$PWD> '
+
+#################### RUN IT HERE ##########################
+
+chmod 600 ${LOGDIR}/${LOGFILE}     # Change permission to RW for the owner
+
+script ${LOGDIR}/${LOGFILE}        # Start the script monitoring session
+
+chmod 400 ${LOGDIR}/${LOGFILE}     # Set permission to read-only for the owner
+
+cleanup_exit                       # Execute the cleanup and exit function
+