sunhux
 asked on

How to implement auto session logging (ie Unix "script" in .profile or /etc/profile)

For change control/support purposes, our OpenVMS servers require tech support
or administrators to log in to a central VMS server (which is DCL shell script menu
driven) & from there, the administrator has to choose an option on the screen that
will do "telnet/log=logfilename  target_host/IP_addr_to_access" (in OpenVMS it's
"set host/log=...   target_host/IP_addr_to_access").

Would like to implement this on Solaris/HPUX/RedHat servers - is it possible to do
this transparently to the user : it's sort of screen logger plus keylogger (but don't
capture passwords)  :
I'm thinking along the line of inserting into each individual user's  .profile (for Korn
& Bourne shell) the lines  
   script filename_userid_date_time
   ...... user gets into system to do whatever he's doing .....
   When user types "exit" or Control-D to exit,  Unix OS will
    exit twice (once to close the "scripted" file & another
    time is the actual logoff).

Appreciate specific/exact codings.

Probably can be done at /etc/profile so that I don't have to
do this to each & every user's .profile but the coding has
to be such that it only applies this to userids with the first
3 alphabets containing the text "sgp" as I don't want to
log users who log in using oraxxxxxx  or  an application
related id (aworks ...).

The administrators could be logging in to the system from
telnet/ssh.

Certainly, if the user  sgpxxxx logs in & then does "su root",
whatever he types/views after the "su" should still
be logged.


Thanks
Shell Scripting, Unix OS, System Programming

Last Comment
ahoffmann

8/22/2022 - Mon
SOLUTION
omarfarid

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
sunhux

ASKER
Thanks Omar.  Need more specifics

The main problem I faced is implementing "exit" logoff -
when the user  enters "exit" once or presses Ctrl-D,
Unix OS should do "exit" twice - once to close the
script file & another time to really logoff.

Will also need some shell script coding : check the
userid's first 3 letters & only if it contains small or
big letters  "sgp", then only start "script filename"
ie start logging, else don't log it.

SOLUTION
ahoffmann

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
ASKER CERTIFIED SOLUTION
Tintin

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
sunhux

ASKER

Ok, Tintin has given me more than half the answer.

What about the "exit" (or when the user presses Ctrl-D),
Unix OS should exit twice (once to close the script
logfile, & the 2nd time to logoff) - I suppose "expect"
could do this.  Perhaps give me some expect codes (does not
have to filter all possible controls, just a couple of examples
would be good enough).
SOLUTION
ahoffmann

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
sunhux

ASKER
Thanks AHoffMann/Tintin.

After I added these lines into  my login id's  .bashrc (running Redhat),
subsequent logins resulted in the following messages being repeatedly
displayed endlessly :

Script started, file is log_slagpo
Script started, file is log_slagpo
Script started, file is log_slagpo
. . . . .


Also I would like the logfilename to be in the
format  log_$DATE_YYYYMMDD_hh:mm:ss.

Not very good at Shell script coding.

Thanks
SOLUTION
Tintin

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
sunhux

ASKER
Hi Tintin,

Tried that.  Tested login & it paused for about 5 secs & gave the message :
       bash: fork: Cannot allocate memory

Looks like the code below gave the problem :
log_$(date +%Y%m%d_%T)
 
SOLUTION
Tintin

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
ahoffmann

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
sunhux

ASKER

There's no loop in .bashrc.  Script listed below :

# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
logfile=$(date +log_%Y%m%d_%T)
echo $LOGNAME | grep -qi "^sla" && exec script -q $logfile

Whether only 1 session or a few sessions are logged in using my
account on this Linux server, still getting this error.


Secondly, is there any way to suppress the message
"Script started, file is filename"?
I tried appending  > /dev/null  &   2> /dev/null  but it did
not help.
SOLUTION
Tintin

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
sunhux

ASKER

$ script -?
script: invalid option -- ?
usage: script [-a] [-f] [-q] [-t] [file]

$ uname -a
Linux Hostname... 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux

If I do "script -q  filename",  it does not return to Unix prompt (Ctrl-D also won't
bring it back to Unix prompt).

Have to Ctrl-C to get back to Unix prompt.
SOLUTION
ahoffmann

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
sunhux

ASKER
Well, I removed the lines below from .bashrc & 
the same problem still persists :

if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

I then tried Tintin's codes on our other Redhat servers
(SMP) but I don't run into this problem, so it's server
specific but I don't know what's the problem with this
particular Redhat box.  Tintin's code works on our Solaris
9 box & HP-UX.

To be fair to Tintin & Ahoff, I'll close this if you can provide
me  a workaround/equivalent of  "script -q"  for  Solaris
& HP-UX to suppress the  message "Script started..."?

Many thanks
Tintin

That's really peculiar as I've never come across a Linux/Unix system yet that shows that behaviour.
SOLUTION
ahoffmann

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
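An added example, not taken from any post above (the posted solutions are not shown on this page): a fragment for /etc/profile that logs only userids beginning with "sgp", names the log by date and time, and uses `exec` so that a single exit or Ctrl-D ends both script and the login. The `SESSION_LOG_ACTIVE` marker, the `/var/log/sessions` directory and the function names are assumptions, and a POSIX shell (ksh, bash) is assumed; the marker is needed because script starts a new shell that can read the same startup file again, which is what produces the repeated "Script started" lines when the command sits in .bashrc.

```sh
# Fragment for /etc/profile. Added example; directory and names are assumptions.
SESSION_LOG_DIR=${SESSION_LOG_DIR:-/var/log/sessions}  # must be writable by logged users

# True when the first three letters of the userid are "sgp", in either case.
should_log_session() {
    case $1 in
        [sS][gG][pP]*) return 0 ;;
        *)             return 1 ;;
    esac
}

# Build <dir>/log_<userid>_<YYYYMMDD>_<hh:mm:ss>; a timestamp may be passed in.
session_log_path() {
    printf '%s/log_%s_%s\n' "$SESSION_LOG_DIR" "$1" "${2:-$(date +%Y%m%d_%H:%M:%S)}"
}

# Decide what this shell should do: "skip", "already" or "start".
session_log_action() {
    should_log_session "$1" || { echo skip; return 0; }
    # script(1) runs a child shell that may read this file again; the exported
    # marker stops that child from launching script a second time.
    [ -n "${SESSION_LOG_ACTIVE:-}" ] && { echo already; return 0; }
    echo start
}

start_session_log() {
    [ "$(session_log_action "${LOGNAME:-}")" = start ] || return 0
    command -v script >/dev/null 2>&1 || return 0
    [ -t 0 ] || return 0                 # only for interactive terminal logins
    SESSION_LOG_ACTIVE=1; export SESSION_LOG_ACTIVE
    logfile=$(session_log_path "$LOGNAME")
    # exec replaces the login shell, so leaving script also ends the session.
    # -q appears in the Linux usage text quoted on this page; it is not assumed
    # to exist elsewhere, so other systems run script without it.
    case $(uname -s) in
        Linux) exec script -q "$logfile" ;;
        *)     exec script "$logfile" ;;
    esac
}

start_session_log
```

Because script runs as the logged-in user, the log file belongs to that user and can be edited or deleted by them, so protect the directory or ship the logs elsewhere if they are meant as change-control evidence. Commands typed after `su` are still captured, since script records the terminal rather than one shell.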