Last active
April 21, 2023 22:56
-
-
Save ctrlcctrlv/f02f9c5cdd8e22dff21324d9b73fb5e7 to your computer and use it in GitHub Desktop.
Audit user logins in Bash (honor system, although could easily be made more secure if the user doesn't have root)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| [[ $- == *i* ]] || return | |
| [[ -f scripts/record_session.sh ]] && . scripts/record_session.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Check if TIMING_FILE_LOC is already set and return an error code if it is | |
| # This prevents us running recursively. | |
| if [[ -n $TIMING_FILE_LOC ]]; then | |
| return 1 | |
| fi | |
| # Set timeout and clean up function for trap handler | |
| TIMEOUT=3 | |
| function cleanup { | |
| unset TIMING_FILE_LOC SCRIPT_FILE_LOC | |
| } | |
| trap cleanup EXIT | |
| # Trap the INT signal and return an error code | |
| trap 'echo "Exiting..."; cleanup; return 1' INT | |
| # Get client IP and timestamp for file names | |
| _CLIENT_IP=$(echo $SSH_CLIENT | awk '{print $1}') | |
| TIMESTAMP=$(date +%Y%m%d_%H%M%S) | |
| # Set file locations and confirm recording with timeout | |
| export TIMING_FILE_LOC="/root/${_CLIENT_IP}_${TIMESTAMP}.timing" | |
| export SCRIPT_FILE_LOC="/root/${_CLIENT_IP}_${TIMESTAMP}.script" | |
| # This is a constant. See `man 1 dialog` § DIAGNOSTICS. | |
| DIALOG_TIMEOUT=5 | |
| DIALOG_RESULT=0 | |
| DIALOG_TEXT="Will record session…okay? Press ^C to cancel, or ENTER to confirm. | |
| Recording will be saved to ${SCRIPT_FILE_LOC} with timing to ${TIMING_FILE_LOC} (If ignored for ${TIMEOUT} seconds, WILL record.)" | |
| OLDTERM="$TERM" | |
| export TERM=xterm-256color | |
| dialog --timeout $DIALOG_TIMEOUT --yesno "$DIALOG_TEXT" 12 70 | |
| DIALOG_RESULT=$? | |
| if [[ ! 0 -eq $DIALOG_RESULT ]]; then | |
| printf "User did not confirm recording…" | |
| TERM="$OLDTERM" | |
| if [[ $DIALOG_RESULT -eq 255 ]]; then | |
| echo "but recording anyway due to timeout." | |
| else | |
| echo "so not recording." | |
| return 1 | |
| fi | |
| else | |
| TERM="$OLDTERM" | |
| fi | |
| # Start recording session and log commands | |
| START_TIME=$(date +%s) | |
| log_command() { | |
| local status=$? | |
| local command=$(history 1 | sed 's/^[ ]*[0-9]*[ ]*//') | |
| local elapsed=$(( $(date +%s) - ${LAST_COMMAND_TIME:-$START_TIME} )) | |
| LAST_COMMAND_TIME=$(date +%s) | |
| echo "${command} [${elapsed}s] (status: ${status})" >> /root/${_CLIENT_IP}_${TIMESTAMP}.log | |
| } | |
| PROMPT_COMMAND=log_command | |
| script -f -T "$TIMING_FILE_LOC" "$SCRIPT_FILE_LOC" -a "TIMING_FILE_LOC=$TIMING_FILE_LOC" bash && exit | |
| # Clean up and return 0 | |
| cleanup | |
| return 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment