82 lines
2.7 KiB
Bash
Executable File
82 lines
2.7 KiB
Bash
Executable File
#!/bin/ksh
|
|
#
|
|
# SCRIPT: log_keystrokes.ksh
|
|
#
|
|
# AUTHOR: Randy Michael
|
|
# DATE: 05/08/2002
|
|
# REV: 1.0.P
|
|
# PLATFOEM: Any UNIX
|
|
#
|
|
# PURPOSE: This shell script is used to monitor a login session by
|
|
# capturing all of the terminal data in a log file using
|
|
# the script command. This shell script name should be
|
|
# the last entry in the user's $HOME/.profile. The log file
|
|
# is both kept locally and e-mailed to a log file administrative
|
|
# user either locally or on a remote machine.
|
|
#
|
|
# REV LIST:
|
|
#
|
|
#
|
|
# set -n # Uncomment to check syntax without any execution
|
|
# set -x # Uncomment to debug this shell script
|
|
#
|
|
############# DEFINE AUDIT LOG MANAGER ###################
|
|
|
|
# This user receives all of the audit logs by e-mail. This
|
|
# Log Manager can have a local or remote e-mail address. You
|
|
# can add more than one e-mail address if you want by separating
|
|
# each address with a space.
|
|
|
|
LOG_MANAGER="logman" # List to e-mail audit log
|
|
|
|
##########################################################
|
|
################ DEFINE FUNCTIONS HERE ###################
|
|
##########################################################
|
|
|
|
cleanup_exit ()
|
|
{
|
|
# This function is executed on any type of exit except of course
|
|
# a kill -9, which cannot be trapped. The script log file is
|
|
# e-mailed either locally or remotely and the log file is
|
|
# compressed. The last "exit" is needed so the user does not
|
|
# have the ability to get to the command line without logging.
|
|
|
|
if [[ -s ${LOGDIR}/${LOGFILE} ]]
|
|
then
|
|
mailx -s "$TS - $LOGNAME Audit Report" $LOG_MANAGER \
|
|
< ${LOGDIR}/${LOGFILE}
|
|
compress ${LOGDIR}/${LOGFILE} 2>/dev/null
|
|
fi
|
|
|
|
exit
|
|
}
|
|
|
|
# Set a trap
|
|
|
|
trap 'cleanup_exit' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 26
|
|
|
|
##########################################################
|
|
################ DEFINE VARIABLES HERE ###################
|
|
##########################################################
|
|
|
|
TS=$(date +%m%d%y%H%M%S) # File time stamp
|
|
THISHOST=$(hostname|cut -f1-2 -d.) # Host name of this machine
|
|
LOGDIR=/usr/local/logs/script # Directory to hold the logs
|
|
LOGFILE=${THISHOST}.${LOGNAME}.$TS # Creates the name of the log file
|
|
touch $LOGDIR/$LOGFILE # Creates the actual file
|
|
set -o vi 2>/dev/null # Previous commands recall
|
|
|
|
# Set the command prompt
|
|
export PS1="[$LOGNAME:$THISHOST]@"'$PWD> '
|
|
|
|
#################### RUN IT HERE ##########################
|
|
|
|
chmod 600 ${LOGDIR}/${LOGFILE} # Change permission to RW for the owner
|
|
|
|
script ${LOGDIR}/${LOGFILE} # Start the script monitoring session
|
|
|
|
chmod 400 ${LOGDIR}/${LOGFILE} # Set permission to read-only for the owner
|
|
|
|
cleanup_exit # Execute the cleanup and exit function
|
|
|