#!/bin/bash # ========== # $File: //guest/amo/scripts/triggers/argcheck.sh $ # $Revision: #1 $ # $Change: 24542 $ # # $Author: amo $ # $DateTimeTZ: 2018/09/03 04:30:11 -0700 PDT $ # ---------- # attempt to check parameters passed to a command # pre-user-command trigger, defined like this: # # argcheck command pre-user-.* "%//scripts/triggers/argcheck.sh% %user% %client% %serverid% %quote%%groups%%quote% %command% %argc% %argsQuoted%" # # This pre-command trigger fires on any and all commands. # The user's group membership (passed using the trigger-script variable "%groups%") is checked for the name specified below as 'this'. # If found, then we check for a log file called $this.log, write a 'header' to this file if not present, then log the output of the command. # Timestamp, username, client serverid, argument count, list of arguments. # ---------- # Hardcoded format strings in the printf commands may need to be adjusted to accommodate particularly lengthy naming conventions. # Not tested for a wide variety of arguments; some strings may result in string- or number-handling errors. # ========== this=argcheck user=$1 client=$2 server=$3 groups=$4 cmd=$5 argc=$6 argsQuoted=$7 echo $groups | grep $this > /dev/null out=$? if [ $out = 0 ] then if [ ! -f $this.log ]; then printf "%-25s\t %-10s\t %-20s\t %-10s\t %4s\t %-20s\t %-s\n" TIMESTAMP USER CLIENT SERVERID ARGC COMMAND ARGUMENTS >> $this.log fi printf "%-25s\t %-10s\t %-20s\t %-10s\t %4d\t %-20s\t %-s\n" $(date -u +"%Y-%m-%d-%H:%M:%S-%Z") $user $client $server $argc $cmd $argsQuoted >> $this.log; exit 0; fi
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#1 | 24542 | Adam Morriss | moving 'argcheck' trigger script to 'triggers' sub-directory | ||
//guest/amo/scripts/argcheck.sh | |||||
#2 | 24206 | Adam Morriss | updating argcheck - adding the command itself, not just the args | ||
#1 | 24205 | Adam Morriss |
New script, 'argcheck'. With the appropriate trigger definition (as in the script comments) a member of group 'argcheck' will have their command arguments written to a log file. |