forked from simplechoices/CentralizeBashHistory
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathbashrc-patch
70 lines (55 loc) · 2.41 KB
/
bashrc-patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# https://github.com/simplechoices/CentralizeBashHistory
# Enhanced the function to store it on centralized Rsyslog > Elastic serach > Kibana
function log2syslog
{
# collect TTY info
declare TTY
TTY=$(tty | sed 's|/dev/||g')
## collect USER info
declare WHOAMI
WHOAMI=${USER-$(whoami)}
# Get src ip for ssh connection
declare SSH_SRC_IP
# get src info from SSH_CLIENT if available
# this can fail if we're operating under 'sudo su -' - the SSH env vars are stripped off
SSH_SRC_IP=${SSH_CLIENT-"ssh-client-unset"}
SSH_SRC_IP=${SSH_SRC_IP%% *}
## Variable declared for getting logged-in user executed Command
declare COMMAND
## Fetch the executed Command
COMMAND=$(fc -ln -0 | sed -r 's/^[[:blank:]]*//g' | sed -r 's/[[:blank:]]+/ /g')
[[ -z ${BASH_EXECUTION_STRING} ]] || COMMAND="#000 RemotelyExecCommand ${BASH_EXECUTION_STRING}"
## Checks for Remotely (via ssh) Executed Commands and set the COMMAND variable
[[ -n ${COMMAND} ]] || COMMAND="#000 CommandIsEmpty_or_ssh_login"
## Checking for executed Command and setting string equivalent mock data if empty
## Checks if user has tried to Disable the Trap; then SigQuit the PID ; this will reenable the logger trap
if [[ ${PREVIOUS_COMMAND} != *" CommandIsEmpty_or_ssh_login" && -n ${PREVIOUS_COMMAND} && ${COMMAND} == *"trap"*"-"*"DEBUG"* ]];
then
kill -SIGQUIT $$
fi
# Set the HISTCONTROL variable every time through
#
# This is to override setting HISTCONTROL in ~/.bashrc (set to ignoreboth via /etc/skel/.bashrc on many systems)
#
# Logically this won't take effect until a command is exectuted after login, (meaning
# the first command after login might be unlogged) but practically it seems to be okay.
export HISTCONTROL="unset"
## Checks if User has tried to remove the Trap; then enable it back
if [[ ${PREVIOUS_COMMAND} == *"trap"*"-"*"SIGQUIT"* ]];
then
trap enabletrap SIGQUIT
fi
## Check for deduplicate and remove for redundant commands being logged
if [[ -z ${PREVIOUS_COMMAND} || "${COMMAND}" != "${PREVIOUS_COMMAND}" ]] ;
then
logger -p auth.info -t cmdlog "${WHOAMI} ${TTY} ${SSH_SRC_IP} ${COMMAND}"
export PREVIOUS_COMMAND=${COMMAND}
fi
}
## enable the trap in Debug mode
trap log2syslog DEBUG
function enabletrap {
trap log2syslog DEBUG
}
## Enabling the Trap
trap enabletrap SIGQUIT