1eee2dd012
Add a facility to log <cmd> as requested by "ssh <host> <cmd>". Commands are logged by setting the 'ForceCommand "/usr/sbin/sshlog"' option.in sshd_config. Interactive sessions, <cmd> is null, are not logged. Story: 2009109 Task: 42970 Task: 42971 Change-Id: I6de4205b954e4762aa2c6807af297818cd6a9bc1 Signed-off-by: Joe Slater <joe.slater@windriver.com>
50 lines
873 B
Python
Executable File
50 lines
873 B
Python
Executable File
#!/usr/bin/python3
|
|
#
|
|
# Copyrights (c) 2021 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
# We assume that we are being called because of a command option in
|
|
# ssh authorized_keys for whoever we are. Where the log goes depends
|
|
# on the configuration of syslog.
|
|
|
|
# replace bash
|
|
#
|
|
# logger --id=$$ -p user.info SSHLOG: $SHELL \"${SSH_ORIGINAL_COMMAND}\"
|
|
#
|
|
# exec $SHELL -c "${SSH_ORIGINAL_COMMAND}"
|
|
|
|
import os
|
|
|
|
try:
|
|
shell = os.environ['SHELL']
|
|
except:
|
|
shell = "/bin/sh"
|
|
|
|
# Do not log interactive session
|
|
#
|
|
try:
|
|
cmd = os.environ['SSH_ORIGINAL_COMMAND']
|
|
except:
|
|
os.execl(shell, shell)
|
|
|
|
import syslog, pwd
|
|
|
|
try:
|
|
user = pwd.getpwuid(os.getuid())[0]
|
|
except:
|
|
user = "unknown"
|
|
|
|
try:
|
|
msg = "user=%s cmd='%s'" % (user,cmd)
|
|
syslog.syslog(syslog.LOG_USER | syslog.LOG_DEBUG, msg)
|
|
except:
|
|
pass
|
|
|
|
# execute cmd
|
|
#
|
|
os.execl(shell, shell, "-c", cmd)
|
|
|
|
|