From 39d17b41929b168d890685a1d63212b1fceca912 Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 21:13:23 +0100 Subject: [PATCH 01/12] corrected #! --- exec.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exec.sh b/exec.sh index 4a1652b..e1bb8f5 100755 --- a/exec.sh +++ b/exec.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh SCRIPT_DIR=`dirname $0` From 6d8e0510f9f05fa09cf04b767fb41715a5d39737 Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 21:44:58 +0100 Subject: [PATCH 02/12] obsolete --- notify.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/notify.sh b/notify.sh index 211d3b9..cf793ed 100755 --- a/notify.sh +++ b/notify.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env bash SCRIPT_DIR=`dirname $0` . "${SCRIPT_DIR}/config" @@ -7,5 +7,5 @@ PUSHOVER_TITLE="$1" PUSHOVER_MESSAGE="$2" PUSHOVER_URL="https://api.pushover.net/1/messages.json" -${CURL} -s -F "token=${PUSHOVER_TOKEN_APP}" -F "user=${PUSHOVER_TOKEN_USER}" -F "title=${PUSHOVER_TITLE}" -F "message=${PUSHOVER_MESSAGE}" ${PUSHOVER_URL} >> ${LOGFILE} 2>&1 +curl -s -F "token=${PUSHOVER_TOKEN_APP}" -F "user=${PUSHOVER_TOKEN_USER}" -F "title=${PUSHOVER_TITLE}" -F "message=${PUSHOVER_MESSAGE}" ${PUSHOVER_URL} >> ${LOGFILE} 2>&1 echo >> ${LOGFILE} From f625e46cf52a9f90c2a12b1d4bd2057d7c53fcb8 Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 21:48:04 +0100 Subject: [PATCH 03/12] general beautifying --- exec.sh | 5 ----- notify.sh | 11 ----------- 2 files changed, 16 deletions(-) delete mode 100755 exec.sh delete mode 100755 notify.sh diff --git a/exec.sh b/exec.sh deleted file mode 100755 index e1bb8f5..0000000 --- a/exec.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env sh - -SCRIPT_DIR=`dirname $0` - -/usr/bin/nohup ${SCRIPT_DIR}/tracer.sh >> ${SCRIPT_DIR}/log-error.log 2>&1 & diff --git a/notify.sh b/notify.sh deleted file mode 100755 index cf793ed..0000000 --- a/notify.sh +++ /dev/null 
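Review bot: The `curl` line in the `@@ -7,5 +7,5 @@` hunk of `notify.sh` (PATCH 02/12) passes `PUSHOVER_TOKEN_APP` and `PUSHOVER_TOKEN_USER` as `-F` arguments, so both secrets sit in the process argument list while the request runs and are readable by other local users wherever process listings are not restricted. Keep the title and message on the command line but move the two token fields off argv, for example into a curl config read from stdin (`curl -s -K - …` with `form = "token=…"` and `form = "user=…"` lines in a here-document). The same line is carried into `tracer.sh` by the `@@ -61,8 +68,10 @@` hunk of PATCH 05/12. Replacing the configured `${CURL}` with bare `curl` also makes the call depend on the inherited `PATH`.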
@@ -1,11 +0,0 @@ -#!/usr/bin/env bash - -SCRIPT_DIR=`dirname $0` -. "${SCRIPT_DIR}/config" - -PUSHOVER_TITLE="$1" -PUSHOVER_MESSAGE="$2" -PUSHOVER_URL="https://api.pushover.net/1/messages.json" - -curl -s -F "token=${PUSHOVER_TOKEN_APP}" -F "user=${PUSHOVER_TOKEN_USER}" -F "title=${PUSHOVER_TITLE}" -F "message=${PUSHOVER_MESSAGE}" ${PUSHOVER_URL} >> ${LOGFILE} 2>&1 -echo >> ${LOGFILE} From 9d52e0c717e5de6804ce8a38d6666e3446e6901b Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 21:49:53 +0100 Subject: [PATCH 04/12] reflect latest changes --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ac11c23..3aa6a68 100755 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Can also be used for other notifications, like OS startups, letsencrypt renewal, Download the repo files, copy "config.sample" to "config" and adjust it. Then add following line to your /etc/pam.d/sshd file: ``` -session optional pam_exec.so /root/shelltracer/exec.sh +session optional pam_exec.so /root/shelltracer/tracer.sh ``` ## Demo From 5affb6df8c7619b7a23e4e13cf1c0bab547f8d15 Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 21:50:25 +0100 Subject: [PATCH 05/12] general beautifying --- tracer.sh | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/tracer.sh b/tracer.sh index 42a5c9f..82f4f8c 100755 --- a/tracer.sh +++ b/tracer.sh 
@@ -1,18 +1,24 @@ -#!/bin/sh +#!/usr/bin/env bash +trap 'echo killsignal received' SIGTERM SIGINT + +################################## +# CONFIGURATION SCRIPT_DIR=`dirname $0` . "${SCRIPT_DIR}/config" - -NOW_UNIX=`${DATE} +%s` -NOW_HUMAN=`${DATE} "+%F %H:%M:%S"` -RAND=`${JOT} -r 1 1000` -MACHINE=`hostname` - +NOW_UNIX=$(date +%s) +NOW_HUMAN=$(date "+%F %H:%M:%S") +RAND=0; while [ "$RAND" -le 1 ];do RAND=$RANDOM; let "RAND %= 1000";done +MACHINE=$(hostname) LOGFILE_TEMP="${LOGFILE}.${NOW_UNIX}.${RAND}" +PUSHOVER_URL="https://api.pushover.net/1/messages.json" + +touch ${SCRIPT_DIR}/log-error.log +exec 2> >(logger -f ${SCRIPT_DIR}/log-error.log) exit_program() { - ${W} >> $LOGFILE_TEMP + w >> $LOGFILE_TEMP echo $1 >> $LOGFILE_TEMP echo "==========================================================" >> $LOGFILE_TEMP cat $LOGFILE_TEMP >> $LOGFILE @@ -42,15 +48,16 @@ else ACTION="TERM EXEC" fi - -echo "Service: ${SERVICE}" >> $LOGFILE_TEMP -echo "Action: ${ACTION}" >> $LOGFILE_TEMP -echo "Date: ${NOW_HUMAN}" >> $LOGFILE_TEMP -echo "Server: ${MACHINE}" >> $LOGFILE_TEMP -echo "User: ${USER}" >> $LOGFILE_TEMP +cat <> $LOGFILE_TEMP +Service: ${SERVICE} +Action: ${ACTION} +Date: ${NOW_HUMAN} +Server: ${MACHINE} +User: ${USER} +EOF if [ ! -z "$PAM_RHOST" ]; then - IP=`${HOST} -W5 -t A $PAM_RHOST | ${AWK} '{ print $4 }'` + IP=`host -W5 -t A $PAM_RHOST | awk '{ print $4 }'` echo "User Host: ${PAM_RHOST}" >> $LOGFILE_TEMP echo "User IP: $IP" >> $LOGFILE_TEMP 
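Review bot: `exec 2> >(logger -f ${SCRIPT_DIR}/log-error.log)` in the `@@ -1,18 +1,24 @@` hunk most likely discards the script's stderr instead of recording it. `logger -f FILE` sends the contents of FILE to syslog and does not read the stream piped into the process substitution. For a login tracer this means a failing `host` or `curl` leaves no trace, so missed notifications go unnoticed. If the intent is what the deleted `exec.sh` did, use `exec 2>> "${SCRIPT_DIR}/log-error.log"`; if syslog is wanted, use `exec 2> >(logger -t shelltracer)`. Quote `${SCRIPT_DIR}` in the `touch` line as well.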
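Review bot: `$PAM_RHOST` is expanded unquoted in ``IP=`host -W5 -t A $PAM_RHOST | awk '{ print $4 }'` `` in the `@@ -42,15 +48,16 @@` hunk, although its value describes the remote peer (an address or a reverse-resolved name, depending on sshd settings) and should be treated as untrusted input. Quote it and use `$(…)` like the other substitutions in this commit: `IP=$(host -W5 -t A "$PAM_RHOST" | awk '{ print $4 }')`. When the value is already an address or the lookup fails, field 4 of `host`'s output is presumably not an IP, so the logged "User IP" is best-effort only. The `if` block continues past the end of the hunk.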
@@ -61,8 +68,10 @@ if [ "${ACTION}" == "Logout" ] && [ "${LOGOUT_NOTIFICATION}" == "NO" ]; then exit_program "Logout END - skipping pushover notification" fi +################################## +# PUSHOVER PUSHOVER_TITLE=$TITLE -PUSHOVER_MESSAGE=`cat $LOGFILE_TEMP` -${SCRIPT_DIR}/notify.sh "${PUSHOVER_TITLE}" "${PUSHOVER_MESSAGE}" +PUSHOVER_MESSAGE=$(cat $LOGFILE_TEMP) +curl -s -F "token=${PUSHOVER_TOKEN_APP}" -F "user=${PUSHOVER_TOKEN_USER}" -F "title=${PUSHOVER_TITLE}" -F "message=${PUSHOVER_MESSAGE}" ${PUSHOVER_URL} >> ${LOGFILE} 2>&1 exit_program "${ACTION} END" From e7ba74212a9677de21cbc6eade70926041003a64 Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 22:15:29 +0100 Subject: [PATCH 06/12] added path --- tracer.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tracer.sh b/tracer.sh index 82f4f8c..160099f 100755 --- a/tracer.sh +++ b/tracer.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash +PATH="/usr/bin;/usr/local/bin;$PATH" trap 'echo killsignal received' SIGTERM SIGINT From 8875c5ea7be3907291ec5abf5e877bb2acf14347 Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 22:18:00 +0100 Subject: [PATCH 07/12] another missing dir --- tracer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracer.sh b/tracer.sh index 160099f..32eed84 100755 --- a/tracer.sh +++ b/tracer.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -PATH="/usr/bin;/usr/local/bin;$PATH" +PATH="/bin;/usr/bin;/usr/local/bin;$PATH" trap 'echo killsignal received' SIGTERM SIGINT From 657b7dd2b704a041f239166c5080a8ada36331ff Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 22:24:17 +0100 Subject: [PATCH 08/12] fixed embarrassing PATH variables --- tracer.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tracer.sh b/tracer.sh index 32eed84..e65380b 100755 --- a/tracer.sh +++ b/tracer.sh 
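Review bot: The inlined `curl` call in the `@@ -61,8 +68,10 @@` hunk of PATCH 05/12 has no time limit, and it now appears to run synchronously during SSH session setup. PATCH 03/12 deleted `exec.sh`, which launched the tracer with `nohup … &`, and PATCH 04/12 points `pam_exec.so` directly at `tracer.sh`. If api.pushover.net is slow or unreachable, every login and logout waits on the request; add a bound such as `--max-time 10`, or background the notification again. `${PUSHOVER_URL}` and `${LOGFILE}` are unquoted on the same line and should read `"${PUSHOVER_URL}" >> "${LOGFILE}" 2>&1`. The rest of the script lies outside this hunk.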
@@ -1,5 +1,5 @@ -#!/usr/bin/env bash -PATH="/bin;/usr/bin;/usr/local/bin;$PATH" +#!/usr/local/bin/bash +PATH="/bin:/usr/bin:/usr/local/bin:$PATH" trap 'echo killsignal received' SIGTERM SIGINT From 0b53161c533f0dd5bf91a416986fce3c2fbcb221 Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 22:28:59 +0100 Subject: [PATCH 09/12] removed #! --- tracer.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tracer.sh b/tracer.sh index e65380b..947fdfb 100755 --- a/tracer.sh +++ b/tracer.sh @@ -1,4 +1,3 @@ -#!/usr/local/bin/bash PATH="/bin:/usr/bin:/usr/local/bin:$PATH" trap 'echo killsignal received' SIGTERM SIGINT From adb4ee1a35131e8b26618c34328c331f81ad49d7 Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 22:31:53 +0100 Subject: [PATCH 10/12] reflect #! changes --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3aa6a68..3bcaddd 100755 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Can also be used for other notifications, like OS startups, letsencrypt renewal, Download the repo files, copy "config.sample" to "config" and adjust it. Then add following line to your /etc/pam.d/sshd file: ``` -session optional pam_exec.so /root/shelltracer/tracer.sh +session optional pam_exec.so /bin/bash /root/shelltracer/tracer.sh ``` ## Demo From 21ffe23586e2887a4cbbb9ecb5c2d3c6258583f3 Mon Sep 17 00:00:00 2001 From: Andreas Eisenreich Date: Tue, 31 Jan 2017 22:34:56 +0100 Subject: [PATCH 11/12] added a hint for bash path adjustments --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3bcaddd..874d914 100755 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ Then add following line to your /etc/pam.d/sshd file: ``` session optional pam_exec.so /bin/bash /root/shelltracer/tracer.sh ``` +Adjust the path to bash to reflect your systm confiuration. ## Demo From 05700b752f71ab5db61430d66a12726ec7426dfc Mon Sep 17 00:00:00 2001 
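Review bot: The corrected `PATH="/bin:/usr/bin:/usr/local/bin:$PATH"` in the `@@ -1,5 +1,5 @@` hunk of PATCH 08/12 still appends the PATH the script inherited, so any command missing from the three fixed directories is resolved through it. Since PATCH 05/12 dropped the configured `${CURL}`, `${HOST}`, `${AWK}` and `${W}` paths, this hook (typically run as root by pam_exec) resolves every external tool by bare name. A fixed value is safer: `PATH="/bin:/usr/bin:/usr/local/bin"`, extended with `/sbin:/usr/sbin` only if a tool actually lives there.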
From: Andreas Eisenreich Date: Wed, 1 Feb 2017 10:46:13 +0100 Subject: [PATCH 12/12] simplified RANDOM generator --- tracer.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracer.sh b/tracer.sh index 947fdfb..417a5b4 100755 --- a/tracer.sh +++ b/tracer.sh @@ -8,7 +8,7 @@ SCRIPT_DIR=`dirname $0` . "${SCRIPT_DIR}/config" NOW_UNIX=$(date +%s) NOW_HUMAN=$(date "+%F %H:%M:%S") -RAND=0; while [ "$RAND" -le 1 ];do RAND=$RANDOM; let "RAND %= 1000";done +RAND="$((RANDOM%1000+1))" MACHINE=$(hostname) LOGFILE_TEMP="${LOGFILE}.${NOW_UNIX}.${RAND}" PUSHOVER_URL="https://api.pushover.net/1/messages.json"
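Review bot: `RAND="$((RANDOM%1000+1))"` feeds `LOGFILE_TEMP="${LOGFILE}.${NOW_UNIX}.${RAND}"` (a context line of this hunk), so the temp file name stays guessable: a one-second timestamp plus one of 1000 suffixes. Two sessions opening in the same second can also collide. The script appends to that path with `>>` as whatever user pam_exec runs it as (typically root), so a pre-created file or symlink would be written through if the log directory is writable by anyone else. The config that sets `LOGFILE` is not shown, so the exposure depends on where it points. Let the system choose the name instead, `LOGFILE_TEMP=$(mktemp "${LOGFILE}.XXXXXX") || exit 1`, and drop `RAND`.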