#!/bin/bash
#
# test_idle
#
#
# Monitor idle user sessions
#   Only users who have switched to "root" or are logged in at the console are reported.
#
##################################################################################################
#
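# Load the ULS helper library that sits next to this script. The path is
# quoted so an install directory containing whitespace still resolves.
. "$(dirname -- "$0")/uls_header"
#
# Reference time in epoch seconds; the report stage uses it as the base
# timestamp of the records it emits.
D=$(date '+%s')
# Force the C locale for the tools whose output is parsed further down.
# NOTE(review): an inherited LC_ALL takes precedence over LANG - confirm it is
# unset in the environment this runs in.
export LANG=C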
#
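# Stage 1 (shell): emit "user|term|hours" for every login session whose
# terminal device has not been modified for at least one full hour.
# Stage 2 (awk): decide which of those sessions are reported (console logins
# and sessions that switched to root) and format the ULS value records.
# Stage 3: send_test_tab is not defined in this file (presumably provided by
# uls_header) and receives the records on stdin.
who -u | while read -r user term _
 do
  # Entries whose terminal contains ":" are skipped (presumably X display
  # entries such as ":0", which have no /dev node).
  if [[ "$term" != *:* ]]
   then
    # Idle time is derived from the mtime of the terminal device. stat is used
    # instead of parsing "ls -l"; if the device cannot be read the entry is
    # skipped, so an empty operand never reaches the arithmetic below and the
    # remaining sessions are still processed.
    tty_mtime=$(stat -c '%Y' -- "/dev/$term" 2>/dev/null) || continue
    [[ "$tty_mtime" =~ ^[0-9]+$ ]] || continue
    W=$(( ($(date '+%s') - tty_mtime) / 3600 ))
    if (( W > 0 ))
     then
      echo "$user|$term|$W"
    fi
  fi
done | awk -v H="$ULSHOSTNAME" -v D="$D" '
# H = host name written into each record, D = base timestamp (epoch seconds).
# strftime() below needs an awk that provides it (for example gawk).
BEGIN { psef = "ps -ef"
        # Snapshot the process table once, keyed by PID (column 2 of "ps -ef"):
        #   user = UID column, parent = PPID, term = TTY, line = CMD plus arguments.
        # Processes without a controlling terminal (TTY "?") are ignored.
        while( (psef | getline) > 0 )
        { if( $6 != "?" )
          { user[$2] = $1
            parent[$2] = $3
            term[$2] = $6
            line[$2] = $8
            for( i = 9; i <= NF; i++ )
              line[$2] = line[$2] " " $i
          }
        }
        close(psef)
        # From here on the input is the "user|term|hours" stream of stage 1.
        FS = "|"
      }
# One input record per idle session: $1 = user, $2 = terminal, $3 = idle hours.
# r decides whether the session is reported; cmdline is the command shown for it.
{ cmdline = ""
  if( $2 ~ /tty/ )
  { # Console terminals are always reported. The command is taken from a bash
    # on that terminal, replaced by the line of a child process if one exists.
    r = 1
    for( j in parent )
    { if( term[j] == $2 && line[j] ~ "^-?bash" )
      { cmdline = line[j]
        for( k in parent )
          if( parent[k] == j )
            cmdline = line[k]
      }
    }
  }
  else
  { # Other terminals are reported only when a switch to root is found there.
    r = 0
    for( i in term )
    { if( term[i] == $2 )
      { # Case 1: a "sudo ... sudo2uls" process that has a child owned by root.
        if( line[i] ~ "^sudo.*sudo2uls" )
        { for( j in parent )
          { if( parent[j] == i && user[j] == "root" )
              r = 1
          }
          # NOTE(review): this test runs on line[i], which already matched
          # "^sudo" above, so it cannot also start with "/usr/bin/script".
          # As written the branch is never entered and cmdline stays empty for
          # sudo2uls sessions; the intended target is possibly the child
          # process - confirm before changing.
          if( line[i] ~ "^/usr/bin/script -c /bin/bash -l " )
          { for( j in parent )
            { if( parent[j] == i && line[j] == "/bin/bash -l" )
              { cmdline = line[j]
                for( k in parent )
                  if( parent[k] == j )
                    cmdline = line[k]
              }
            }
          }
        }
        # Case 2: an "su" process running as root on the terminal. The command
        # is taken from its bash child, or from a child of that bash.
        if( line[i] ~ "^su$|^su " && user[i] == "root" )
        { r = 1
          for( j in parent )
          { if( parent[j] == i && line[j] ~ "^-?bash" )
            { cmdline = line[j]
              for( k in parent )
                if( parent[k] == j )
                  cmdline = line[k]
            }
          }
        }
      }
    }
  }
  if( r )
  { # D++ moves the timestamp forward by one second per reported session
    # (presumably so that each value set gets a distinct timestamp).
    DT = strftime("%Y-%m-%d %T", D++)
    printf("V;%s;%s;Security;User;Name;%s; \n", DT, H, $1)
    printf("V;;;;;Term;%s; \n", $2)
    printf("V;;;;;Idle;%s;h\n", $3)
    # NOTE(review): cmdline is copied verbatim from "ps -ef". Process arguments
    # are chosen by the session owner, so a ";" or a control character in them
    # would shift the fields of this record, and arguments can carry
    # credentials that then leave the host. Confirm how the receiver parses
    # and stores this value, or filter it here.
    if( cmdline != "" )
      printf("V;;;;;Cmd;%s; \n", cmdline)
  }
}' | send_test_tab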
