/*
 * shlog.c (c) Mixter
 * FIXED Version (thanks to scagneti@chisel.toolcity.net)
 * Well, this does not too much.. it will determine the
 * origin (remote IP address) from which a shell is launched (user
 * id/remote host), and write a syslog entry, everytime a login shell
 * is invoked. This can help against login trojans, or just for providing
 * better audit trails.
 * Put a call to shlog into /etc/profile and/or /etc/bashrc
 */

#include <syslog.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define IO_STDIN	0

int 
main (int argc, char **argv)
{
  struct sockaddr_in sin;
  unsigned int nl = sizeof (struct sockaddr_in);
  int test = getpeername (IO_STDIN, (struct sockaddr *) &sin, &nl);

  (void) openlog (argv[0], LOG_PID, LOG_AUTHPRIV);

  if (test == 0)
    syslog (LOG_NOTICE | LOG_AUTHPRIV,
	    "shell '%s' (uid: %d euid: %d gid: %d) invoked by remote connection from host %s",
	    getenv ("SHELL"),
	    getuid (), geteuid (), getgid (),
	    inet_ntoa (sin.sin_addr));
  else
    syslog (LOG_NOTICE | LOG_AUTHPRIV,
      "shell '%s' (uid: %d euid: %d gid: %d) invoked from local host or program",
            getenv ("SHELL"),
	    getuid (), geteuid (), getgid ());

  (void) closelog ();

  return 0;
}