#!/bin/ksh
#
# SCRIPT: "Banybody"   boracle - This time
#
# AUTHOR: Randy Michael
# DATE: 05/08/2007
# REV: 1.0.P
# PLATFOEM: Any UNIX
#
# PURPOSE: This shell script is used to capture all "$EFF_USER" access by
#          capturing all of the terminal data in a log file using
#          the script command. This shell script is executed from the
#          command line using sudo (Super User Do). The log file
#          is kept locally and e-mailed to a log file administrative
#          user either locally or on a remote machine. Sudo must be 
#          configured for this shell script. Refer to your sudo notes.
#          The effective user, currently oracle, can be changed by 
#          setting the "EFF_USER" variable to another user, and changing
#          the name of the script. This is why the original name of the
#          script is called "Banybody"
#
# ORIGINAL USAGE:  sudo  Banybody
#
# THIS TIME USAGE ==> USAGE: sudo boracle
#
#
# REV LIST:
#          5/10/2007: Modified the script to replace the hardcoded username
#                     with the variable $EFF_USER. This allows flexibility
#                     to add auditing of more accounts be just changing
#                     the EFF_USER variable and the script name.
#
# set -n # Uncomment to check syntax without any execution 
# set -x # Uncomment to debug this shell script
#
#
################# DEFINE EFFECTIVE USER ##################

# This EFF_USER is the user name you want to be to execute
# a shell in. An su command is used to switch to this user.

EFF_USER=oracle

############# DEFINE AUDIT LOG MANAGER ###################

# This user receives all of the audit logs by e-mail. This
# Log Manager can have a local or remote e-mail address. You
# can add more than one e-mail address if you want by separating
# each address with a space.

LOG_SERVER=yogi
LOG_MANAGER="logman@$LOG_SERVER" # List to email audit log

# Set up the correct echo command usage.  Some Linux machines
# may execute all scripts in Bash shell.

case $(basename $SHELL) in
bash) alias echo="echo -e"
      ;;
esac
##########################################################
################ DEFINE FUNCTIONS HERE ###################
##########################################################

cleanup_exit ()
{
# This function is executed on any type of exit except of course
# a kill -9, which cannot be trapped. The script log file is
# emailed either locally or remotely, and the log file is 
# compressed. The last "exit" is needed so the user does not
# have the ability to get to the command line without logging.

if [[ -s ${LOGDIR}/${LOGFILE} ]] # Is it greater than zero bytes?
then
    mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER < ${LOGDIR}/${LOGFILE}
    nohup compress ${LOGDIR}/${LOGFILE} &
fi
}

# Set a trap

trap 'cleanup_exit' 1 2 3 5 15

##########################################################
################ DEFINE VARIABLES HERE ###################
##########################################################

TS=$(date +%m%d%y%H%M%S)             # File time stamp
THISHOST=$(hostname)                 # Host name of this machine
LOGDIR=/usr/local/logs/script        # Directory to hold the logs
LOGFILE=${THISHOST}.${EFF_USER}.$TS  # Creates the name of the log file
touch $LOGDIR/$LOGFILE             # Creates the actual file
TMOUT=300                          # Set the user's shell timeout!!!
export TMOUT                       # Export the TMOUT variable 
set -o vi 2>/dev/null              # To recall previous commands

# set path to include /usr/local/bin
echo $PATH|grep -q ':/usr/local/bin' || PATH=$PATH:/usr/local/bin

# Set the command prompt to override the /.profile default prompt

PS1="$THISHOST:b${EFF_USER}> "
export PS1

#################### RUN IT HERE ##########################

chmod 666 ${LOGDIR}/${LOGFILE}     # Set permission to read/write for the owner

# To get the script sesssion to work we have to use the switch user (su)
# command with the -c flag, which means execute what follows. Sudo is also 
# used just to ensure that root is executing the su command. We ARE executing
# now as root, because this script was started with sudo. If a non-configured
# sudo user tries to execute this command then it will fail unless sudo was
# used to execute this script as root. Notice we are executing the script
# command as "$EFF_USER". This variable is set at the top of the script. A
# value such as "EFF_USER=oracle" is expected.

sudo su - $EFF_USER -c "script ${LOGDIR}/${LOGFILE}"

chmod 400 ${LOGDIR}/${LOGFILE}     # Set permission to read-only for the owner

cleanup_exit                       # Execute the cleanup and exit function