Visit Our UNIX and Linux User Community


Start script when a user starts a remote session


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Start script when a user starts a remote session
# 1  
Old 09-30-2011
Start script when a user starts a remote session

Howdy,

I'm fairly new at bash scripting, but (for some reason) I've been tasked with building a bastion server and logging all (ssh/telnet) remote activity. Each session must create a unique log file - the name of each file must include the user ID, the connection method (ssh/telnet), the name of the remote host, and a time stamp.I have a basic bash script using the script command (see below).

Users authenticate through Active Directory (Winbind) and use a default lshell, local users do not need to be logged. My two questions are:
1. What's the best way to start and stop the script?
2. How do I capture the remote connection method (ssh or telnet) and the name of the remote host for the log file name?

This is what I have as a framework:
Code:
#!/bin/bash

# Capture keystrokes of a user and log

TIMESTAMP=$(date +%m%d%y%H%M%S)
HOST=$(hostname|cut -f1 -d.)
LOGDIR=/var/log/logging
LOGFILE=${HOST}.${LOGNAME}.${TIMESTAMP}
touch $LOGDIR/$LOGFILE

# Set Prompt
export PS1=.[$LOGNAME:$HOST]@..$PWD> .

chown $LOGNAME ${LOGDIR}/${LOGFILE}
chmod 600 ${LOGDIR}/${LOGFILE}

script ${LOGDIR}/${LOGFILE}
chmod 400 ${LOGDIR}/${LOGFILE}

Any help would be greatly appreciated.

Last edited by vbe; 09-30-2011 at 02:00 PM.. Reason: next time, use code tags for your code/data
# 2  
Old 09-30-2011
What OS do you have? That will give us a better idea on howe to identify incoming ssh.
Usually it relates to the parent pid of the process being sshd.

IF you activate your script in the /etc/telnetrc file, you will catch all incoming telnet connections if you have it start logging


To actually log use the script command. It captures all keystrokes into a file

example for bash, ksh:
Code:
script  /path/to/logs/${USER}.`date +%Y%m%d%H%M%S`

There is a problem with this - managers think this increases security, in fact, what it really does is eat up disk space. So monitor disk usage closely. Security is better served by preventing problems, rather than playing whodunit games after the fact.
# 3  
Old 09-30-2011
Hi,

Thanks for the reply. I'm running CentOS 5.7 right now on the bastion box. Basically, we want to have logs of user activity on remote devices that they connect to from the bastion. Everyone we want to log will authenticate to the bastion via Winbind. They're running lshell and are limited to 5 or 6 commands, including telnet and ssh. Ideally, I'd like to have the keystroke script start when the user runs 'ssh user@remotedevice.com', and the same with telnet. And then kill the script when they close the terminal.

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Running a script on remote server kills my login session

Hi there, I'm trying to run a script remotely on a server in a particular directory named after hostname which already exists, my login session gets killed as soon as I run the below command. Not sure what is wrong, is there a better way to do it ? Note: I can also use nohup command to run... (14 Replies)
Discussion started by: mbak
14 Replies

2. Shell Programming and Scripting

Need to write a shell script that starts one, then kills it, then starts another?

This is on a CentOS box, I have two scripts that need to run in order. I want to write a shell script that calls the first script, lets it run and then terminates it after a certain number of hours (that I specify of course), and then calls the second script (they can't run simultaneously) which... (3 Replies)
Discussion started by: btramer
3 Replies

3. Shell Programming and Scripting

i want to execute shell script on remote server with in sftp session

Hi, I want to execute shell script with in sftp session for remote server. like i have a shell script test.sh that is on local server.i want to execute that script on remote server sftp user@192.168.56.10 sftp> test.sh ---execute for remote server not for local server. sftp... (3 Replies)
Discussion started by: SAUD PASHA
3 Replies

4. AIX

How to start monitoring with truss before a process starts

Hi guys, Is there some way to monitor a process but previously starting truss like this? truss ls & ls Thanks in advance. (1 Reply)
Discussion started by: edgarvm
1 Replies

5. UNIX for Advanced & Expert Users

Start multiple scripts from the same session

hello, i have an AIX 6.1 server which has Informix 11.5 Database Engine. When i want to export some databases from the instance for backup or for any other use i can do it with dbexport (informix command). The problem is that when i run this command or when i run script which run this command,... (2 Replies)
Discussion started by: omonoiatis9
2 Replies

6. HP-UX

Start SAM in TUI from CDE session

how can i start sam in TUI mode from a CDE session. i'm using hp-ux 11iv3 i tried to start SAM from a terminal from CDE session but each time i try to start it System Managment Homepage starts , so i telneted to server from a pc to start sam in TUI mode is there any other way to set my SAM to... (2 Replies)
Discussion started by: h@foorsa.biz
2 Replies

7. Solaris

Solstice 6.0.3 - Recover: Cannot Start Session

Hi people, I have a Solstice Backup 6.0.3 installed in server X1 and one installed in server X2. I need to start de recover in X2 and the somes files existing in X1. - Well, i begin this process in X2 with #nwadmin -s X1 & and i select "Save Set/ Recover". I select the datas and click in... (0 Replies)
Discussion started by: denisgomes
0 Replies

8. AIX

Script to start a remote batch job on another server

Hi , I am trying to execute one script residing on server B from server A and in automated way but with a trigger. My main quetion are 1) How I will login to the remote server automatically with user name and password. ( rsh or any other way ?) 2) Once logged in I need to execute... (2 Replies)
Discussion started by: agent47
2 Replies

9. Shell Programming and Scripting

Problem with Unix script to start remote Tomcat

I have Tomcat installed on a Unix box and I need to start it remotely from another Unix box. Tomcat is started using a script. When this script is run locally everything is fine. When I run the same script from remote box, tomcat starts but the command running the script does not terminate.:( ... (2 Replies)
Discussion started by: shrgh
2 Replies

Featured Tech Videos