Description
-----------

This is a patch for GNU bash (tested on v2.05b) to enable logging of all
shell commands to files and/or syslog. It is meant to keep an audit trail
of your users. Logs of commands are stored regardless of the user's
HISTORY settings.

When storing logs as files, they are created in the following format:

    PREFIX/USERNAME/YYYY-MM-DD/HH:MM:SS.HOSTNAME.PID

Here is an example of the actual file format:

    1034446373 Sat Oct 12 14:12:53 2002 : ls
    1034446374 Sat Oct 12 14:12:54 2002 : pwd
    1034446374 Sat Oct 12 14:12:54 2002 :
    1034446374 Sat Oct 12 14:12:54 2002 : SHELL EXIT

Here is an example of the syslog format:

    Oct 12 14:10:39 viraj bash: CMD_LOG:valankar:19145: ls
    Oct 12 14:10:49 viraj bash: CMD_LOG:valankar:19145: pwd
    Oct 12 14:10:54 viraj bash: CMD_LOG:valankar:19145: vi expr.c

Setup
-----

1. Patch the sources:

       tar -xzf bash-2.05b.tar.gz
       cd bash-2.05b
       tar -xvzf /path/to/bash_logger-1.0.tar.gz
       patch < bash_logger.patch

2. Decide where you want to store the logs. This is the PREFIX from the
   filename above. You may have a different PREFIX for the root user as
   opposed to other users. For example, if you want user logs to be
   stored as:

       /home/logs/user_logs/USERNAME/...

   and root user logs to be stored as:

       /home/logs/root_logs/root/...

   Use /home/logs/user_logs for USER_DIR and /home/logs/root_logs for
   ROOT_DIR and run the command:

       ./bash_logger_munge.pl USER_DIR ROOT_DIR > bash_logger_munge_dirs.h

   This command simply tries to hide these strings from showing up in
   the bash binary via a 'strings' command. Even if you will be only
   using syslog logging, you must run the above command.

3. Edit bash_logger.c and set use_syslog to 1 if you want to enable
   syslog logging.

4. Follow the standard installation instructions for bash, e.g.:

       ./configure
       make
       make install

Bugs
----

Report them to valankar@bigfoot.com.
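
For reviewing the audit trail this patch produces, here is an added example (not part of the patch or written by its author): a Python parser for the two log formats shown in the Description, which groups syslog records into sessions and reads a per-session file. The function names, the regular expressions and the sample path used with it are assumptions derived only from the format samples above.

```python
import re
from collections import defaultdict

# Constructed sample input: the format examples from the Description.
SYSLOG_SAMPLE = [
    "Oct 12 14:10:39 viraj bash: CMD_LOG:valankar:19145: ls",
    "Oct 12 14:10:49 viraj bash: CMD_LOG:valankar:19145: pwd",
    "Oct 12 14:10:54 viraj bash: CMD_LOG:valankar:19145: vi expr.c",
]
FILE_SAMPLE = [
    "1034446373 Sat Oct 12 14:12:53 2002 : ls",
    "1034446374 Sat Oct 12 14:12:54 2002 : pwd",
    "1034446374 Sat Oct 12 14:12:54 2002 : ",
    "1034446374 Sat Oct 12 14:12:54 2002 : SHELL EXIT",
]
# Assumption: field layout is inferred from the samples, not from bash_logger.c.
SYSLOG_RE = re.compile(
    r"^(?P<stamp>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) bash: "
    r"CMD_LOG:(?P<user>[^:]+):(?P<pid>\d+): (?P<cmd>.*)$")
FILE_RE = re.compile(r"^(?P<epoch>\d+) (?P<ctime>.{24}) :(?: (?P<cmd>.*))?$")
PATH_RE = re.compile(
    r"(?P<user>[^/]+)/(?P<date>\d{4}-\d\d-\d\d)/"
    r"(?P<time>\d\d:\d\d:\d\d)\.(?P<host>.+)\.(?P<pid>\d+)$")

def parse_syslog(lines):
    """Group CMD_LOG records by session key (host, user, pid)."""
    sessions = defaultdict(list)
    for line in lines:
        m = SYSLOG_RE.match(line)
        if m:  # skip unrelated syslog traffic
            key = (m["host"], m["user"], int(m["pid"]))
            sessions[key].append(m["cmd"])  # text after the first ': ' is kept whole
    return dict(sessions)

def parse_session_file(lines):
    """Return ([(epoch, command), ...], exited) for one per-session log file."""
    commands, exited = [], False
    for line in lines:
        m = FILE_RE.match(line)
        cmd = (m["cmd"] or "") if m else ""
        if cmd == "SHELL EXIT":  # marker text; a typed command with this text looks the same
            exited = True
        elif cmd:  # empty entries (bare Enter) are dropped
            commands.append((int(m["epoch"]), cmd))
    return commands, exited

def parse_log_path(path):
    """Split PREFIX/USERNAME/YYYY-MM-DD/HH:MM:SS.HOSTNAME.PID into its fields."""
    m = PATH_RE.search(path)
    return m.groupdict() if m else None
```

A per-session file for which `parse_session_file` returns `exited` as false has no SHELL EXIT record, which is worth a second look when reviewing a user's trail.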