#!/bin/bash #Pointsoftware AG, 2013-04-26 #filename: '/etc/forcecommand.sh' #created by francois scheurer #used for bash audit, see '/etc/bash_franzi' if [ -n "${SSH_ORIGINAL_COMMAND}" ] then #audit SSH commands bypassing the bash (ssh -c/SCP/SFTP) declare -rx AUDIT_LOGINUSER="$(who -mu | awk '{print $1}')" declare -rx AUDIT_LOGINPID="$(who -mu | awk '{print $6}')" declare -rx AUDIT_USER="$USER" #defined by pam during su/sudo declare -rx AUDIT_PID="$$" declare -rx AUDIT_TTY="$(who -mu | awk '{print $2}')" declare -rx AUDIT_SSH="$([ -n "$SSH_CONNECTION" ] && echo "$SSH_CONNECTION" | awk '{print $1":"$2"->"$3":"$4}')" declare -rx AUDIT_STR="[audit $AUDIT_LOGINUSER/$AUDIT_LOGINPID as $AUDIT_USER/$AUDIT_PID on $AUDIT_TTY/$AUDIT_SSH]" declare -rx AUDIT_SYSLOG="1" #to use a local syslogd if [ -n "$AUDIT_SYSLOG" ] then logger -p user.info -t "$AUDIT_STR $PWD" "${SSH_ORIGINAL_COMMAND}" else echo $( date +%F_%H:%M:%S ) "$AUDIT_STR $PWD" "${SSH_ORIGINAL_COMMAND}" >>/var/log/userlog.info fi exec bash -c "${SSH_ORIGINAL_COMMAND}" else exec -l bash --init-file /etc/bash_franzi -li fi #endof