├── .github └── CODEOWNERS ├── .gitignore ├── AUTHORS ├── COPYING ├── ChangeLog ├── INSTALL ├── Makefile.am ├── NEWS ├── README ├── autoclean.sh ├── autogen.sh ├── configure.ac ├── doc ├── Makefile.am └── log-user-session.pod └── src ├── Makefile.am └── log-user-session.c /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @open-ch/conf-mon 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .*.swp 2 | *.tar.gz 3 | *~ 4 | .deps 5 | Makefile 6 | Makefile.in 7 | aclocal.m4 8 | autom4te.cache 9 | compile 10 | config.guess 11 | config.h 12 | config.h.in 13 | config.log 14 | config.status 15 | config.sub 16 | configure 17 | depcomp 18 | install-sh 19 | missing 20 | src/*.o 21 | src/log-user-session 22 | doc/log-user-session.8 23 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Authors of log-user-session 2 | 3 | Copyright (C) 2014 Open Systems AG 4 | 5 | 6 | Konrad Bucheli 7 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Open Systems AG 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- 1 | 2020-08-04 Konrad Bucheli 2 | * Version 0.9 3 | * fix terminal getting garbled by tmux by removing OPOST flag 4 | * hint the interpretation of ANSI codes ty the terminal 5 | 6 | 2019-03-18 Daniel Aschwanden 7 | * Version 0.8 8 | * set prctl PR_SET_DEATHSIG for the log-user-session processes 9 | * properly sanitize ssh_client before storing in opt_client 10 | * adds NonInteractiveCommandWhitelist to log only the command of 11 | the listed commands and not the output 12 | 13 | 2015-06-09 Konrad Bucheli 14 | * Version 0.7 15 | 16 | 2015-03-27 Konrad Bucheli 17 | * only warn missing configuration file on very first invocation 18 | 19 | 2015-03-26 Konrad Bucheli 20 | * proper cleanup if parent process is killed/exits 21 | 22 | 2015-02-27 Konrad Bucheli 23 | * (read_configuration_file) improve output for missing or empty 24 | configuration files 25 | 26 | 2015-02-12 Konrad Bucheli 27 | * Version 0.6 28 | 29 | 2015-02-12 Konrad Bucheli 30 | * no data interception if only command and no data should be logged 31 | * do not log of input on interactive sessions 32 | (bug introduced in version 0.5, reported by Ruslan Popov) 33 | 34 | 2014-11-04 Konrad Bucheli 35 | * Version 0.5 36 | 37 | 2014-10-03 Konrad Bucheli 38 | * add configuration option LogNonInteractiveData 39 | * change default for configuration option LogRemoteCommandData to on 40 | 41 | 2014-05-12 Konrad Bucheli 42 | * Version 0.4 43 | 44 | 2014-05-08 Konrad Bucheli 45 | * (process_options) fix login shell detection 46 | 47 | 2014-05-02 Konrad Bucheli 48 | * Version 0.3 49 | 50 | 2014-05-02 Konrad Bucheli 51 | * (run_log_forwarder) avoid runaway processes 52 | 53 | 2014-04-08 Konrad Bucheli 54 | * Version 0.2 55 | 56 | 2014-04-08 Konrad Bucheli 57 | * (start_logger) set owner of new tty to user (fixes screen) 58 | 59 | 2014-03-10 Konrad Bucheli 60 | * (process_options) do not print client host if SSH_CLIENT is not set 61 | 62 | 2014-03-07 Konrad Bucheli 63 | * Initial version 64 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | Installation Instructions 2 | ************************* 3 | 4 | Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, 5 | Inc. 6 | 7 | Copying and distribution of this file, with or without modification, 8 | are permitted in any medium without royalty provided the copyright 9 | notice and this notice are preserved. This file is offered as-is, 10 | without warranty of any kind. 11 | 12 | Basic Installation 13 | ================== 14 | 15 | Briefly, the shell commands `./configure; make; make install' should 16 | configure, build, and install this package. The following 17 | more-detailed instructions are generic; see the `README' file for 18 | instructions specific to this package. Some packages provide this 19 | `INSTALL' file but do not implement all of the features documented 20 | below. The lack of an optional feature in a given package is not 21 | necessarily a bug. More recommendations for GNU packages can be found 22 | in *note Makefile Conventions: (standards)Makefile Conventions. 23 | 24 | The `configure' shell script attempts to guess correct values for 25 | various system-dependent variables used during compilation. It uses 26 | those values to create a `Makefile' in each directory of the package. 27 | It may also create one or more `.h' files containing system-dependent 28 | definitions. Finally, it creates a shell script `config.status' that 29 | you can run in the future to recreate the current configuration, and a 30 | file `config.log' containing compiler output (useful mainly for 31 | debugging `configure'). 32 | 33 | It can also use an optional file (typically called `config.cache' 34 | and enabled with `--cache-file=config.cache' or simply `-C') that saves 35 | the results of its tests to speed up reconfiguring. Caching is 36 | disabled by default to prevent problems with accidental use of stale 37 | cache files. 38 | 39 | If you need to do unusual things to compile the package, please try 40 | to figure out how `configure' could check whether to do them, and mail 41 | diffs or instructions to the address given in the `README' so they can 42 | be considered for the next release. If you are using the cache, and at 43 | some point `config.cache' contains results you don't want to keep, you 44 | may remove or edit it. 45 | 46 | The file `configure.ac' (or `configure.in') is used to create 47 | `configure' by a program called `autoconf'. You need `configure.ac' if 48 | you want to change it or regenerate `configure' using a newer version 49 | of `autoconf'. 50 | 51 | The simplest way to compile this package is: 52 | 53 | 1. `cd' to the directory containing the package's source code and type 54 | `./configure' to configure the package for your system. 55 | 56 | Running `configure' might take a while. While running, it prints 57 | some messages telling which features it is checking for. 58 | 59 | 2. Type `make' to compile the package. 60 | 61 | 3. Optionally, type `make check' to run any self-tests that come with 62 | the package, generally using the just-built uninstalled binaries. 63 | 64 | 4. Type `make install' to install the programs and any data files and 65 | documentation. When installing into a prefix owned by root, it is 66 | recommended that the package be configured and built as a regular 67 | user, and only the `make install' phase executed with root 68 | privileges. 69 | 70 | 5. Optionally, type `make installcheck' to repeat any self-tests, but 71 | this time using the binaries in their final installed location. 72 | This target does not install anything. Running this target as a 73 | regular user, particularly if the prior `make install' required 74 | root privileges, verifies that the installation completed 75 | correctly. 76 | 77 | 6. You can remove the program binaries and object files from the 78 | source code directory by typing `make clean'. To also remove the 79 | files that `configure' created (so you can compile the package for 80 | a different kind of computer), type `make distclean'. There is 81 | also a `make maintainer-clean' target, but that is intended mainly 82 | for the package's developers. If you use it, you may have to get 83 | all sorts of other programs in order to regenerate files that came 84 | with the distribution. 85 | 86 | 7. Often, you can also type `make uninstall' to remove the installed 87 | files again. In practice, not all packages have tested that 88 | uninstallation works correctly, even though it is required by the 89 | GNU Coding Standards. 90 | 91 | 8. Some packages, particularly those that use Automake, provide `make 92 | distcheck', which can by used by developers to test that all other 93 | targets like `make install' and `make uninstall' work correctly. 94 | This target is generally not run by end users. 95 | 96 | Compilers and Options 97 | ===================== 98 | 99 | Some systems require unusual options for compilation or linking that 100 | the `configure' script does not know about. Run `./configure --help' 101 | for details on some of the pertinent environment variables. 102 | 103 | You can give `configure' initial values for configuration parameters 104 | by setting variables in the command line or in the environment. Here 105 | is an example: 106 | 107 | ./configure CC=c99 CFLAGS=-g LIBS=-lposix 108 | 109 | *Note Defining Variables::, for more details. 110 | 111 | Compiling For Multiple Architectures 112 | ==================================== 113 | 114 | You can compile the package for more than one kind of computer at the 115 | same time, by placing the object files for each architecture in their 116 | own directory. To do this, you can use GNU `make'. `cd' to the 117 | directory where you want the object files and executables to go and run 118 | the `configure' script. `configure' automatically checks for the 119 | source code in the directory that `configure' is in and in `..'. This 120 | is known as a "VPATH" build. 121 | 122 | With a non-GNU `make', it is safer to compile the package for one 123 | architecture at a time in the source code directory. After you have 124 | installed the package for one architecture, use `make distclean' before 125 | reconfiguring for another architecture. 126 | 127 | On MacOS X 10.5 and later systems, you can create libraries and 128 | executables that work on multiple system types--known as "fat" or 129 | "universal" binaries--by specifying multiple `-arch' options to the 130 | compiler but only a single `-arch' option to the preprocessor. Like 131 | this: 132 | 133 | ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ 134 | CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ 135 | CPP="gcc -E" CXXCPP="g++ -E" 136 | 137 | This is not guaranteed to produce working output in all cases, you 138 | may have to build one architecture at a time and combine the results 139 | using the `lipo' tool if you have problems. 140 | 141 | Installation Names 142 | ================== 143 | 144 | By default, `make install' installs the package's commands under 145 | `/usr/local/bin', include files under `/usr/local/include', etc. You 146 | can specify an installation prefix other than `/usr/local' by giving 147 | `configure' the option `--prefix=PREFIX', where PREFIX must be an 148 | absolute file name. 149 | 150 | You can specify separate installation prefixes for 151 | architecture-specific files and architecture-independent files. If you 152 | pass the option `--exec-prefix=PREFIX' to `configure', the package uses 153 | PREFIX as the prefix for installing programs and libraries. 154 | Documentation and other data files still use the regular prefix. 155 | 156 | In addition, if you use an unusual directory layout you can give 157 | options like `--bindir=DIR' to specify different values for particular 158 | kinds of files. Run `configure --help' for a list of the directories 159 | you can set and what kinds of files go in them. In general, the 160 | default for these options is expressed in terms of `${prefix}', so that 161 | specifying just `--prefix' will affect all of the other directory 162 | specifications that were not explicitly provided. 163 | 164 | The most portable way to affect installation locations is to pass the 165 | correct locations to `configure'; however, many packages provide one or 166 | both of the following shortcuts of passing variable assignments to the 167 | `make install' command line to change installation locations without 168 | having to reconfigure or recompile. 169 | 170 | The first method involves providing an override variable for each 171 | affected directory. For example, `make install 172 | prefix=/alternate/directory' will choose an alternate location for all 173 | directory configuration variables that were expressed in terms of 174 | `${prefix}'. Any directories that were specified during `configure', 175 | but not in terms of `${prefix}', must each be overridden at install 176 | time for the entire installation to be relocated. The approach of 177 | makefile variable overrides for each directory variable is required by 178 | the GNU Coding Standards, and ideally causes no recompilation. 179 | However, some platforms have known limitations with the semantics of 180 | shared libraries that end up requiring recompilation when using this 181 | method, particularly noticeable in packages that use GNU Libtool. 182 | 183 | The second method involves providing the `DESTDIR' variable. For 184 | example, `make install DESTDIR=/alternate/directory' will prepend 185 | `/alternate/directory' before all installation names. The approach of 186 | `DESTDIR' overrides is not required by the GNU Coding Standards, and 187 | does not work on platforms that have drive letters. On the other hand, 188 | it does better at avoiding recompilation issues, and works well even 189 | when some directory options were not specified in terms of `${prefix}' 190 | at `configure' time. 191 | 192 | Optional Features 193 | ================= 194 | 195 | If the package supports it, you can cause programs to be installed 196 | with an extra prefix or suffix on their names by giving `configure' the 197 | option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. 198 | 199 | Some packages pay attention to `--enable-FEATURE' options to 200 | `configure', where FEATURE indicates an optional part of the package. 201 | They may also pay attention to `--with-PACKAGE' options, where PACKAGE 202 | is something like `gnu-as' or `x' (for the X Window System). The 203 | `README' should mention any `--enable-' and `--with-' options that the 204 | package recognizes. 205 | 206 | For packages that use the X Window System, `configure' can usually 207 | find the X include and library files automatically, but if it doesn't, 208 | you can use the `configure' options `--x-includes=DIR' and 209 | `--x-libraries=DIR' to specify their locations. 210 | 211 | Some packages offer the ability to configure how verbose the 212 | execution of `make' will be. For these packages, running `./configure 213 | --enable-silent-rules' sets the default to minimal output, which can be 214 | overridden with `make V=1'; while running `./configure 215 | --disable-silent-rules' sets the default to verbose, which can be 216 | overridden with `make V=0'. 217 | 218 | Particular systems 219 | ================== 220 | 221 | On HP-UX, the default C compiler is not ANSI C compatible. If GNU 222 | CC is not installed, it is recommended to use the following options in 223 | order to use an ANSI C compiler: 224 | 225 | ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" 226 | 227 | and if that doesn't work, install pre-built binaries of GCC for HP-UX. 228 | 229 | HP-UX `make' updates targets which have the same time stamps as 230 | their prerequisites, which makes it generally unusable when shipped 231 | generated files such as `configure' are involved. Use GNU `make' 232 | instead. 233 | 234 | On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot 235 | parse its `' header file. The option `-nodtk' can be used as 236 | a workaround. If GNU CC is not installed, it is therefore recommended 237 | to try 238 | 239 | ./configure CC="cc" 240 | 241 | and if that doesn't work, try 242 | 243 | ./configure CC="cc -nodtk" 244 | 245 | On Solaris, don't put `/usr/ucb' early in your `PATH'. This 246 | directory contains several dysfunctional programs; working variants of 247 | these programs are available in `/usr/bin'. So, if you need `/usr/ucb' 248 | in your `PATH', put it _after_ `/usr/bin'. 249 | 250 | On Haiku, software installed for all users goes in `/boot/common', 251 | not `/usr/local'. It is recommended to use the following options: 252 | 253 | ./configure --prefix=/boot/common 254 | 255 | Specifying the System Type 256 | ========================== 257 | 258 | There may be some features `configure' cannot figure out 259 | automatically, but needs to determine by the type of machine the package 260 | will run on. Usually, assuming the package is built to be run on the 261 | _same_ architectures, `configure' can figure that out, but if it prints 262 | a message saying it cannot guess the machine type, give it the 263 | `--build=TYPE' option. TYPE can either be a short name for the system 264 | type, such as `sun4', or a canonical name which has the form: 265 | 266 | CPU-COMPANY-SYSTEM 267 | 268 | where SYSTEM can have one of these forms: 269 | 270 | OS 271 | KERNEL-OS 272 | 273 | See the file `config.sub' for the possible values of each field. If 274 | `config.sub' isn't included in this package, then this package doesn't 275 | need to know the machine type. 276 | 277 | If you are _building_ compiler tools for cross-compiling, you should 278 | use the option `--target=TYPE' to select the type of system they will 279 | produce code for. 280 | 281 | If you want to _use_ a cross compiler, that generates code for a 282 | platform different from the build platform, you should specify the 283 | "host" platform (i.e., that on which the generated programs will 284 | eventually be run) with `--host=TYPE'. 285 | 286 | Sharing Defaults 287 | ================ 288 | 289 | If you want to set default values for `configure' scripts to share, 290 | you can create a site shell script called `config.site' that gives 291 | default values for variables like `CC', `cache_file', and `prefix'. 292 | `configure' looks for `PREFIX/share/config.site' if it exists, then 293 | `PREFIX/etc/config.site' if it exists. Or, you can set the 294 | `CONFIG_SITE' environment variable to the location of the site script. 295 | A warning: not all `configure' scripts look for a site script. 296 | 297 | Defining Variables 298 | ================== 299 | 300 | Variables not defined in a site shell script can be set in the 301 | environment passed to `configure'. However, some packages may run 302 | configure again during the build, and the customized values of these 303 | variables may be lost. In order to avoid this problem, you should set 304 | them in the `configure' command line, using `VAR=value'. For example: 305 | 306 | ./configure CC=/usr/local2/bin/gcc 307 | 308 | causes the specified `gcc' to be used as the C compiler (unless it is 309 | overridden in the site shell script). 310 | 311 | Unfortunately, this technique does not work for `CONFIG_SHELL' due to 312 | an Autoconf limitation. Until the limitation is lifted, you can use 313 | this workaround: 314 | 315 | CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash 316 | 317 | `configure' Invocation 318 | ====================== 319 | 320 | `configure' recognizes the following options to control how it 321 | operates. 322 | 323 | `--help' 324 | `-h' 325 | Print a summary of all of the options to `configure', and exit. 326 | 327 | `--help=short' 328 | `--help=recursive' 329 | Print a summary of the options unique to this package's 330 | `configure', and exit. The `short' variant lists options used 331 | only in the top level, while the `recursive' variant lists options 332 | also present in any nested packages. 333 | 334 | `--version' 335 | `-V' 336 | Print the version of Autoconf used to generate the `configure' 337 | script, and exit. 338 | 339 | `--cache-file=FILE' 340 | Enable the cache: use and save the results of the tests in FILE, 341 | traditionally `config.cache'. FILE defaults to `/dev/null' to 342 | disable caching. 343 | 344 | `--config-cache' 345 | `-C' 346 | Alias for `--cache-file=config.cache'. 347 | 348 | `--quiet' 349 | `--silent' 350 | `-q' 351 | Do not print messages saying which checks are being made. To 352 | suppress all normal output, redirect it to `/dev/null' (any error 353 | messages will still be shown). 354 | 355 | `--srcdir=DIR' 356 | Look for the package's source code in directory DIR. Usually 357 | `configure' can determine that directory automatically. 358 | 359 | `--prefix=DIR' 360 | Use DIR as the installation prefix. *note Installation Names:: 361 | for more details, including other options available for fine-tuning 362 | the installation locations. 363 | 364 | `--no-create' 365 | `-n' 366 | Run the configure checks, but stop before creating any output 367 | files. 368 | 369 | `configure' also accepts some other, not widely useful, options. Run 370 | `configure --help' for more details. 371 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = doc src 2 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- 1 | Version 0.9 (4 August 2020) 2 | * fix terminal getting garbled by tmux by removing OPOST flag 3 | * hint the interpretation of ANSI codes ty the terminal 4 | 5 | Version 0.8 (18 March 2019) 6 | * set prctl PR_SET_DEATHSIG for the log-user-session processes 7 | * properly sanitize ssh_client before storing in opt_client 8 | * adds NonInteractiveCommandWhitelist to log only the command of 9 | the listed commands and not the output 10 | 11 | Version 0.7 (9 June 2015) 12 | * proper cleanup if parent process is killed/exits 13 | * improve output for missing or empty configuration files 14 | 15 | Version 0.6 (12 February 2015) 16 | * Optimize case when only remote command and no data has to be logged. 17 | * Do not log input of interactive sessions (bug introduced in version 0.5). 18 | 19 | Version 0.5 (4 November 2014) 20 | * Allow separate handling of non-interactive sessions. 21 | 22 | Version 0.4 (12 May 2014) 23 | * Fix start of login shell. 24 | 25 | Version 0.3 (2 May 2014) 26 | * Avoid runaway processes. 27 | 28 | Version 0.2 (8 April 2014) 29 | * Fix screen usage. 30 | 31 | Version 0.1 (7 March 2014) 32 | * Initial release of log-user-session, a tool which allows log user sessions 33 | (e.g. ssh sessions) tamper-proof for audit purposes. 34 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | log-user-session README 2 | ----------------------- 3 | log-user-session is a program to store the content of a shell session (e.g via 4 | ssh) e.g. for auditing purposes. The tool is intended to be started by the ssh 5 | server daemon. The log is tamper-proof for non-root users. 6 | 7 | Current maintainer: 8 | Konrad Bucheli 9 | 10 | Website: 11 | https://github.com/open-ch/log-user-session 12 | 13 | Dependencies 14 | ------------- 15 | A C compiler and `make` must be installed prior to installation. You need also 16 | `autoconf` if you get the source code not via official release tarball (e.g. 17 | via git or via automatic generated github source tarballs). 18 | On a Debian-based Linux distribution, they can be installed like this: 19 | 20 | sudo apt-get install autoconf gcc make 21 | 22 | Installation 23 | ------------ 24 | If you want to install log-user-session from source, proceed as follows: 25 | 26 | 1. Run `[ -f ./configure ] || ./autogen.sh` to generate the `configure` file if 27 | it is not ready yet 28 | 29 | 2. Run `./configure`. You might first review any options with 30 | `./configure --help`. The defaults are likely fine. 31 | 32 | 3. Run `make` 33 | 34 | 4. Run `sudo make install` 35 | 36 | 5. Have a look at `man log-user-session` for usage help. 37 | 38 | 6. Create the configuration file /etc/log-user-session.conf and integrate the 39 | tool into your sshd configuration. 40 | 41 | 42 | Supported Platforms 43 | ------------------- 44 | This tool has been so far only tested on Linux. 45 | 46 | 47 | Credits 48 | ------- 49 | Konrad Bucheli (kb@open.ch) 50 | -------------------------------------------------------------------------------- /autoclean.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | [ -f Makefile ] && make clean 3 | rm -f Makefile 4 | rm -f Makefile.in 5 | rm -f aclocal.m4 6 | rm -rf autom4te.cache 7 | rm -f config.guess 8 | rm -f config.h 9 | rm -f config.h.in 10 | rm -f config.log 11 | rm -f config.status 12 | rm -f config.sub 13 | rm -f configure 14 | rm -f depcomp 15 | rm -f install-sh 16 | rm -f missing 17 | rm -f doc/Makefile.in 18 | rm -f doc/Makefile 19 | rm -f doc/log-user-session.8 20 | rm -f src/Makefile.in 21 | rm -f src/Makefile 22 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | autoreconf -i 3 | -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | AC_INIT([log-user-session],[0.9]) 2 | AM_INIT_AUTOMAKE 3 | 4 | # Checks for programs. 5 | AC_PROG_CC 6 | AC_PROG_INSTALL 7 | 8 | # Checks for libraries. 9 | AC_CHECK_LIB([util], [openpty]) 10 | 11 | 12 | # Checks for header files. 13 | AC_CHECK_HEADERS([fcntl.h stdlib.h string.h unistd.h]) 14 | 15 | # Checks for typedefs, structures, and compiler characteristics. 16 | AC_TYPE_SIZE_T 17 | AC_TYPE_SSIZE_T 18 | AC_TYPE_UID_T 19 | 20 | # Checks for library functions. 21 | AC_FUNC_FORK 22 | AC_FUNC_MALLOC 23 | AC_CHECK_FUNCS([dup2 gethostname localtime_r mkdir select strdup strndup]) 24 | 25 | AC_CONFIG_FILES([Makefile doc/Makefile src/Makefile]) 26 | 27 | AC_OUTPUT 28 | -------------------------------------------------------------------------------- /doc/Makefile.am: -------------------------------------------------------------------------------- 1 | man_MANS = log-user-session.8 2 | 3 | EXTRA_DIST = log-user-session.8 log-user-session.pod 4 | 5 | log-user-session.8: log-user-session.pod 6 | pod2man -c "" -s 8 -r "log-user-session" $< >$@ 7 | 8 | -------------------------------------------------------------------------------- /doc/log-user-session.pod: -------------------------------------------------------------------------------- 1 | =head1 NAME 2 | 3 | log-user-session - create a log of a (ssh) session 4 | 5 | =head1 SYNOPSIS 6 | 7 | B [ I ] 8 | 9 | Intended to be used via ssh, either as forced command in sshd_config: 10 | 11 | C 12 | 13 | or in ~/.ssh/autorized_keys 14 | 15 | C 16 | 17 | 18 | =head1 DESCRIPTION 19 | 20 | B is a program to store the log of a shell session (e.g via ssh) e.g. for auditing 21 | purposes. Unlike session logging by B