diff --git a/README.md b/README.md
index ac11c23..874d914 100755
--- a/README.md
+++ b/README.md
@@ -6,8 +6,9 @@ Can also be used for other notifications, like OS startups, letsencrypt renewal,
 Download the repo files, copy "config.sample" to "config" and adjust it. Then add following line to your /etc/pam.d/sshd file:
 ```
-session optional pam_exec.so /root/shelltracer/exec.sh
+session optional pam_exec.so /bin/bash /root/shelltracer/tracer.sh
 ```
+Adjust the path to bash to reflect your systm confiuration.
 ## Demo
diff --git a/exec.sh b/exec.sh
deleted file mode 100755
index 4a1652b..0000000
--- a/exec.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-SCRIPT_DIR=`dirname $0`
-
-/usr/bin/nohup ${SCRIPT_DIR}/tracer.sh >> ${SCRIPT_DIR}/log-error.log 2>&1 &
diff --git a/notify.sh b/notify.sh
deleted file mode 100755
index 211d3b9..0000000
--- a/notify.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-SCRIPT_DIR=`dirname $0`
-. "${SCRIPT_DIR}/config"
-
-PUSHOVER_TITLE="$1"
-PUSHOVER_MESSAGE="$2"
-PUSHOVER_URL="https://api.pushover.net/1/messages.json"
-
-${CURL} -s -F "token=${PUSHOVER_TOKEN_APP}" -F "user=${PUSHOVER_TOKEN_USER}" -F "title=${PUSHOVER_TITLE}" -F "message=${PUSHOVER_MESSAGE}" ${PUSHOVER_URL} >> ${LOGFILE} 2>&1
-echo >> ${LOGFILE}
diff --git a/tracer.sh b/tracer.sh
index 42a5c9f..417a5b4 100755
--- a/tracer.sh
+++ b/tracer.sh
@@ -1,18 +1,24 @@
-#!/bin/sh
+PATH="/bin:/usr/bin:/usr/local/bin:$PATH"
+trap 'echo killsignal received' SIGTERM SIGINT
+
+##################################
+# CONFIGURATION
 SCRIPT_DIR=`dirname $0`
 . "${SCRIPT_DIR}/config"
-
-NOW_UNIX=`${DATE} +%s`
-NOW_HUMAN=`${DATE} "+%F %H:%M:%S"`
-RAND=`${JOT} -r 1 1000`
-MACHINE=`hostname`
-
+NOW_UNIX=$(date +%s)
+NOW_HUMAN=$(date "+%F %H:%M:%S")
+RAND="$((RANDOM%1000+1))"
+MACHINE=$(hostname)
 LOGFILE_TEMP="${LOGFILE}.${NOW_UNIX}.${RAND}"
+PUSHOVER_URL="https://api.pushover.net/1/messages.json"
+
+touch ${SCRIPT_DIR}/log-error.log
+exec 2> >(logger -f ${SCRIPT_DIR}/log-error.log)
 exit_program() {
- ${W} >> $LOGFILE_TEMP
+ w >> $LOGFILE_TEMP
 echo $1 >> $LOGFILE_TEMP
 echo "==========================================================" >> $LOGFILE_TEMP
 cat $LOGFILE_TEMP >> $LOGFILE
@@ -42,15 +48,16 @@ else
 ACTION="TERM EXEC"
 fi
-
-echo "Service: ${SERVICE}" >> $LOGFILE_TEMP
-echo "Action: ${ACTION}" >> $LOGFILE_TEMP
-echo "Date: ${NOW_HUMAN}" >> $LOGFILE_TEMP
-echo "Server: ${MACHINE}" >> $LOGFILE_TEMP
-echo "User: ${USER}" >> $LOGFILE_TEMP
+cat <> $LOGFILE_TEMP
+Service: ${SERVICE}
+Action: ${ACTION}
+Date: ${NOW_HUMAN}
+Server: ${MACHINE}
+User: ${USER}
+EOF
 if [ ! -z "$PAM_RHOST" ]; then
- IP=`${HOST} -W5 -t A $PAM_RHOST | ${AWK} '{ print $4 }'`
+ IP=`host -W5 -t A $PAM_RHOST | awk '{ print $4 }'`
 echo "User Host: ${PAM_RHOST}" >> $LOGFILE_TEMP
 echo "User IP: $IP" >> $LOGFILE_TEMP
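Review bot: The added `exec 2> >(logger -f ${SCRIPT_DIR}/log-error.log)` does not capture the script's stderr: with `-f`, util-linux `logger` takes the named file as its input instead of stdin, so error output written to the pipe is dropped and the file's existing contents are sent to syslog on each run. To keep errors in the file use `exec 2>>"${SCRIPT_DIR}/log-error.log"`; to send them to syslog use `exec 2> >(logger -t shelltracer)`. Separately, `PATH="/bin:/usr/bin:/usr/local/bin:$PATH"` keeps whatever PATH the PAM stack hands in, and since this commit now resolves `date`, `w`, `host`, `awk` and `curl` by name in a script run at login (presumably as root), a fixed `PATH="/bin:/usr/bin:/usr/local/bin"` is the safer setting. The `dirname $0` and `touch ${SCRIPT_DIR}/log-error.log` expansions are unquoted and break if the install path contains spaces.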
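Review bot: `$PAM_RHOST` is expanded unquoted in the new `IP=` line, and that value describes the connecting side (it may be a reverse-DNS name, depending on the sshd configuration), so it goes through word splitting and globbing before `host` receives it. Quote it and use the `$(...)` form the rest of the commit adopts: `IP=$(host -W5 -t A "$PAM_RHOST" | awk '/has address/ { print $4 }')`. The `/has address/` match matters because the bare `print $4` records the fourth word of whatever `host` prints, including its error text when the lookup fails, and that string then lands in the log and the notification as `User IP`. The enclosing `if` block closes outside this hunk.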
@@ -61,8 +68,10 @@ if [ "${ACTION}" == "Logout" ] && [ "${LOGOUT_NOTIFICATION}" == "NO" ]; then
 exit_program "Logout END - skipping pushover notification"
 fi
+##################################
+# PUSHOVER
 PUSHOVER_TITLE=$TITLE
-PUSHOVER_MESSAGE=`cat $LOGFILE_TEMP`
-${SCRIPT_DIR}/notify.sh "${PUSHOVER_TITLE}" "${PUSHOVER_MESSAGE}"
+PUSHOVER_MESSAGE=$(cat $LOGFILE_TEMP)
+curl -s -F "token=${PUSHOVER_TOKEN_APP}" -F "user=${PUSHOVER_TOKEN_USER}" -F "title=${PUSHOVER_TITLE}" -F "message=${PUSHOVER_MESSAGE}" ${PUSHOVER_URL} >> ${LOGFILE} 2>&1
 exit_program "${ACTION} END"
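Review bot: The inlined `curl` call has no timeout, and it now appears to run in the foreground of the PAM session, because this commit deletes `exec.sh`, which started the tracer with `nohup … &`. A slow or unreachable Pushover endpoint can therefore hold up login and logout, and adding `--max-time 10` (value to taste) bounds that. `-F` also interprets its value (a leading `@` or `<` names a file, and `;type=` is parsed), while `PUSHOVER_MESSAGE` carries text built from `PAM_RHOST` and the user name, so `--form-string "message=${PUSHOVER_MESSAGE}"` (and likewise for the other fields) sends the content literally. The two tokens are still passed as command-line arguments, where they show up in the process list while curl runs; reading them from a curl config file with `-K` avoids that. `$(cat $LOGFILE_TEMP)` and `${PUSHOVER_URL}` should be quoted.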