124 lines
4.6 KiB
Bash
Executable File
124 lines
4.6 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# SCRIPT: "Banybody" boracle.bash - This time
|
|
#
|
|
# AUTHOR: Randy Michael
|
|
# DATE: 05/08/2007
|
|
# REV: 1.0.P
|
|
# PLATFOEM: Any UNIX
|
|
#
|
|
# PURPOSE: This shell script is used to capture all "$EFF_USER" access by
|
|
# capturing all of the terminal data in a log file using
|
|
# the script command. This shell script is executed from the
|
|
# command line using sudo (Super User Do). The log file
|
|
# is kept locally and e-mailed to a log file administrative
|
|
# user either locally or on a remote machine. Sudo must be
|
|
# configured for this shell script. Refer to your sudo notes.
|
|
# The effective user, currently oracle, can be changed by
|
|
# setting the "EFF_USER" variable to another user, and changing
|
|
# the name of the script. This is why the original name of the
|
|
# script is called "Banybody"
|
|
#
|
|
# ORIGINAL USAGE: sudo Banybody
|
|
#
|
|
# THIS TIME USAGE ==> USAGE: sudo boracle
|
|
#
|
|
#
|
|
# REV LIST:
|
|
# 5/10/2007: Modified the script to replace the hardcoded username
|
|
# with the variable $EFF_USER. This allows flexibility
|
|
# to add auditing of more accounts be just changing
|
|
# the EFF_USER variable and the script name.
|
|
#
|
|
# set -n # Uncomment to check syntax without any execution
|
|
# set -x # Uncomment to debug this shell script
|
|
#
|
|
#
|
|
################# DEFINE EFFECTIVE USER ##################
|
|
|
|
# This EFF_USER is the user name you want to be to execute
|
|
# a shell in. An su command is used to switch to this user.
|
|
|
|
EFF_USER=oracle
|
|
|
|
############# DEFINE AUDIT LOG MANAGER ###################
|
|
|
|
# This user receives all of the audit logs by e-mail. This
|
|
# Log Manager can have a local or remote e-mail address. You
|
|
# can add more than one e-mail address if you want by separating
|
|
# each address with a space.
|
|
|
|
LOG_SERVER=yogi
|
|
LOG_MANAGER="logman@$LOG_SERVER" # List to email audit log
|
|
|
|
# Set up the correct echo command usage. Some Linux machines
|
|
# may execute all scripts in Bash shell.
|
|
|
|
case $(basename $SHELL) in
|
|
bash) alias echo="echo -e"
|
|
;;
|
|
esac
|
|
##########################################################
|
|
################ DEFINE FUNCTIONS HERE ###################
|
|
##########################################################
|
|
|
|
cleanup_exit ()
|
|
{
|
|
# This function is executed on any type of exit except of course
|
|
# a kill -9, which cannot be trapped. The script log file is
|
|
# emailed either locally or remotely, and the log file is
|
|
# compressed. The last "exit" is needed so the user does not
|
|
# have the ability to get to the command line without logging.
|
|
|
|
if [[ -s ${LOGDIR}/${LOGFILE} ]] # Is it greater than zero bytes?
|
|
then
|
|
mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER < ${LOGDIR}/${LOGFILE}
|
|
nohup compress ${LOGDIR}/${LOGFILE} &
|
|
fi
|
|
}
|
|
|
|
# Set a trap
|
|
|
|
trap 'cleanup_exit' 1 2 3 5 15
|
|
|
|
##########################################################
|
|
################ DEFINE VARIABLES HERE ###################
|
|
##########################################################
|
|
|
|
TS=$(date +%m%d%y%H%M%S) # File time stamp
|
|
THISHOST=$(hostname) # Host name of this machine
|
|
LOGDIR=/usr/local/logs/script # Directory to hold the logs
|
|
LOGFILE=${THISHOST}.${EFF_USER}.$TS # Creates the name of the log file
|
|
touch $LOGDIR/$LOGFILE # Creates the actual file
|
|
TMOUT=300 # Set the user's shell timeout!!!
|
|
export TMOUT # Export the TMOUT variable
|
|
set -o vi 2>/dev/null # To recall previous commands
|
|
|
|
# set path to include /usr/local/bin
|
|
echo $PATH|grep -q ':/usr/local/bin' || PATH=$PATH:/usr/local/bin
|
|
|
|
# Set the command prompt to override the /.profile default prompt
|
|
|
|
PS1="$THISHOST:b${EFF_USER}> "
|
|
export PS1
|
|
|
|
#################### RUN IT HERE ##########################
|
|
|
|
chmod 666 ${LOGDIR}/${LOGFILE} # Set permission to read/write for the owner
|
|
|
|
# To get the script sesssion to work we have to use the switch user (su)
|
|
# command with the -c flag, which means execute what follows. Sudo is also
|
|
# used just to ensure that root is executing the su command. We ARE executing
|
|
# now as root, because this script was started with sudo. If a non-configured
|
|
# sudo user tries to execute this command then it will fail unless sudo was
|
|
# used to execute this script as root. Notice we are executing the script
|
|
# command as "$EFF_USER". This variable is set at the top of the script. A
|
|
# value such as "EFF_USER=oracle" is expected.
|
|
|
|
sudo su - $EFF_USER -c "script ${LOGDIR}/${LOGFILE}"
|
|
|
|
chmod 400 ${LOGDIR}/${LOGFILE} # Set permission to read-only for the owner
|
|
|
|
cleanup_exit # Execute the cleanup and exit function
|
|
|