From c2b1f1137e757b3a3f21e7c6dda333b058e84e85 Mon Sep 17 00:00:00 2001
From: Sean Donner
Date: Wed, 13 Feb 2013 18:40:58 -0500
Subject: [PATCH] system/sudosh2: Added (tool for server auditing and shell reporting)
Signed-off-by: dsomero
---
 system/sudosh2/README | 20 ++++++
 system/sudosh2/doinst.sh | 25 +++++++
 system/sudosh2/slack-desc | 19 +++++
 system/sudosh2/sudosh2.SlackBuild | 112 ++++++++++++++++++++++++++++++
 system/sudosh2/sudosh2.info | 10 +++
 5 files changed, 186 insertions(+)
 create mode 100644 system/sudosh2/README
 create mode 100644 system/sudosh2/doinst.sh
 create mode 100644 system/sudosh2/slack-desc
 create mode 100644 system/sudosh2/sudosh2.SlackBuild
 create mode 100644 system/sudosh2/sudosh2.info
diff --git a/system/sudosh2/README b/system/sudosh2/README
new file mode 100644
index 0000000000..cb5fa47a86
--- /dev/null
+++ b/system/sudosh2/README
@@ -0,0 +1,20 @@
+sudosh is a filter and can be used as a login shell. sudosh takes advantage
+of pty devices in order to sit between the user's keyboard and a program, in
+this case a shell.
+
+sudosh was designed specifically to be used in conjunction with sudo or by
+itself as a login shell.. sudosh allows the execution of a root shell with
+logging. Every command the user types within the root shell is logged as
+well as the output.
+
+How is this different than "sudo -s" or "sudo /bin/sh" ?
+
+Using "sudo -s" or other methods doesn't log commands typed to syslog.
+Generally the commands are logged to a file such as .sh_history and if you
+use a shell such as csh that doesn't support command-line logging you're
+out of luck.
+
+sudosh fills this gap. No matter what shell you use, all of the command
+lines are logged to syslog (including vi keystrokes.)
+
+See README in /usr/doc/sudosh2- for configuration and usage.
diff --git a/system/sudosh2/doinst.sh b/system/sudosh2/doinst.sh
new file mode 100644
index 0000000000..515a0a3487
--- /dev/null
+++ b/system/sudosh2/doinst.sh
@@ -0,0 +1,25 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/sudosh.conf.new
diff --git a/system/sudosh2/slack-desc b/system/sudosh2/slack-desc
new file mode 100644
index 0000000000..f16452bb85
--- /dev/null
+++ b/system/sudosh2/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+sudosh2: sudosh2 (tool for server auditing and shell reporting)
+sudosh2:
+sudosh2: sudosh2 is an auditing shell filter and can be used as a login shell.
+sudosh2: sudosh2 records all keystrokes and output and can play back the session
+sudosh2: as just like a VCR.
+sudosh2:
+sudosh2:
+sudosh2:
+sudosh2:
+sudosh2:
+sudosh2:
diff --git a/system/sudosh2/sudosh2.SlackBuild b/system/sudosh2/sudosh2.SlackBuild
new file mode 100644
index 0000000000..e37cf4f41f
--- /dev/null
+++ b/system/sudosh2/sudosh2.SlackBuild
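Review bot: `preserve_perms` decides which permissions /etc/sudosh.conf ends up with and nothing in the file says so: `cp -a $OLD ${NEW}.incoming` followed by `cat $NEW > ${NEW}.incoming` keeps the installed file's owner and mode and swaps in only the new content, so on an upgrade permissions the admin tightened survive, while on a first install the mode is whatever the package shipped for `sudosh.conf.new`. A header comment above `preserve_perms()` should state that, e.g. `# Carry the installed file's ownership and mode over to the .new copy so an upgrade does not reset permissions the admin set on /etc/sudosh.conf.` As a point of style, every `$NEW`/`$OLD` expansion in both functions is unquoted and `cat $OLD | md5sum` spawns a needless process; the single call site passes a fixed, space-free path so this is harmless here, but quoted expansions and `md5sum < "$OLD"` would make the template safe to reuse for other paths.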
@@ -0,0 +1,112 @@
+#!/bin/sh
+
+# Slackware build script for sudosh2
+
+# Copyright 2009-2010 Sean Donner (sean.donner@gmail.com)
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=sudosh2
+VERSION=${VERSION:-1.0.4}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+WITH_RECORD=${WITH_RECORD:-yes}
+if [ "$WITH_RECORD" != "yes" ]; then
+ do_record="--disable-recordinput"
+else
+ do_record="--enable-recordinput"
+fi
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tgz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PRGNAM-$VERSION \
+ --infodir=/usr/info \
+ --build=$ARCH-slackware-linux \
+ $do_record
+
+make
+# make install will install sudosh.conf in the build system, use
+# make install-am to avoid this and manualy install the conf file.
+make install-am DESTDIR=$PKG
+install -m 0644 -D $TMP/$PRGNAM-$VERSION/src/sudosh.conf $PKG/etc/sudosh.conf.new
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a AUTHORS COPYING ChangeLog NEWS README TODO \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/sudosh2/sudosh2.info b/system/sudosh2/sudosh2.info
new file mode 100644
index 0000000000..4f8382c171
--- /dev/null
+++ b/system/sudosh2/sudosh2.info
@@ -0,0 +1,10 @@
+PRGNAM="sudosh2"
+VERSION="1.0.4"
+HOMEPAGE="http://www.shortcutsolutions.net/sudosh2-shell-auditing-software.html"
+DOWNLOAD="http://downloads.sourceforge.net/project/sudosh2/sudosh2-1.0.4.tgz"
+MD5SUM="28c0b6cfd60299a6c339cf9b07f2367f"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="Sean Donner"
+EMAIL="sean.donner@gmail.com"
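Review bot: The `WITH_RECORD` block near the top of this hunk defaults to `yes` and passes `--enable-recordinput` to configure with no comment on what that switches on; the README added in the same commit says every keystroke typed in the audited shell is logged, which presumably includes input at non-echoing prompts, so the resulting session logs should be treated as sensitive data rather than ordinary audit output. A comment above `WITH_RECORD=${WITH_RECORD:-yes}` should say so, e.g. `# WITH_RECORD=yes (default) builds with --enable-recordinput: keystrokes as well as output are written to the session logs, so restrict who can read the log location.` Separately, `install -m 0644 -D ... $PKG/etc/sudosh.conf.new` makes the configuration world-readable on a fresh install, while doinst.sh only preserves the mode of an already-present /etc/sudosh.conf on upgrade; if the upstream config is not meant to be public, `-m 0640` here is the place to tighten it, otherwise a one-line comment recording the deliberate 0644 default avoids the question. The inline comment before `make install-am` also misspells `manualy` → `manually`.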