Add sample profile hooks for people to use

README.md

@@ -231,6 +231,26 @@ Customize `tlog-rec-session` configuration in
 `/etc/tlog/tlog-rec-session.conf` as necessary (see `tlog-rec-session.conf(5)`
 for details).
 
+#### Automatically recording login sessions for users
+
+Sample scripts have been made available in `/usr/share/doc/tlog/profile.d` that
+provide an automatic method for recording sessions from users or groups
+specified in `/etc/security/tlog.users`.
+
+To use these scripts, simply copy them into `/etc/profile.d`.
+
+A valid `tlog.users` file might look like the following:
+
+```
+# Log all actions by the 'root' user
+root
+
+# Log all actions by anyone in the 'admins' group
+%admins
+```
+
+Note: Whitespace is **not** ignored.
+
 #### Locale configuration issue on Fedora and RHEL
 
 Fedora and RHEL (and some other distros) use an approach for configuring

doc/profile.d/tlog.csh

@@ -0,0 +1,50 @@
+# Place this script in /etc/profile.d to automatically hook any login or
+# interactive shell into tlog for a user or group listed in
+# /etc/security/tlog.users
+#
+# Entries in tlog.users should be listed one per line where users are bare
+# words such as `root` and groups are prefixed with a percent sign such as
+# `%root`.
+#
+# Copyright 2018 Trevor Vaughan <tvaughan@onyxpoint.com> - Onyx Point, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+set TLOG_USERS="/etc/security/tlog.users"
+set TLOG_CMD="/usr/bin/tlog-rec-session"
+
+if ( -f "$TLOG_USERS" ) then
+  if ( ! ($?TLOG_RUNNING) ) then
+
+    set TLOG_D='$'
+    set TLOG_PATTERN="^(%$GROUP|$USER)$TLOG_D"
+    set TLOG_MATCH=`grep -E "$TLOG_PATTERN" "$TLOG_USERS"`
+
+    if ( "$TLOG_MATCH" != "" ) then
+      setenv TLOG_RUNNING true
+
+      setenv TLOG_REC_SESSION_SHELL $SHELL
+
+      if ($?prompt || $?loginsh) then
+        set TLOG_CMD="$TLOG_CMD -l"
+      endif
+
+      set TLOG_PATTERN='-c[[:space:]]\+.\+'
+      set TLOG_PASSTHROUGH_CMD=`ps --no-headers -o args $$ | grep -oe "$TLOG_PATTERN"`
+
+      if ( "$TLOG_PASSTHROUGH_CMD" == "" ) then
+        exec $TLOG_CMD
+      endif
+    endif
+  endif
+endif

doc/profile.d/tlog.sh

@@ -0,0 +1,58 @@
+# Place this script in /etc/profile.d to automatically hook any login or
+# interactive shell into tlog for a user or group listed in
+# /etc/security/tlog.users
+#
+# Entries in tlog.users should be listed one per line where users are bare
+# words such as `root` and groups are prefixed with a percent sign such as
+# `%root`.
+#
+# Copyright 2018 Trevor Vaughan <tvaughan@onyxpoint.com> - Onyx Point, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+TLOG_USERS="/etc/security/tlog.users"
+TLOG_CMD="/usr/bin/tlog-rec-session"
+
+tlog_parent(){
+  retval=1
+
+  ppid=`ps --no-headers -o ppid $1`
+
+  if [ $ppid -gt 1 ]; then
+    if `ps --no-headers -o ppid,args $1 | grep -q 'tlog-rec-session'`; then
+      return 0
+    else
+      tlog_parent $ppid
+      retval=$?
+    fi
+
+  fi
+
+  return $retval
+}
+
+if [ -f "${TLOG_USERS}" ]; then
+  if ! `tlog_parent $PPID`; then
+    if `grep -qE "^(%${GROUP}|${USER})$" "${TLOG_USERS}"`; then
+      if [[ $- == *i* ]] || `shopt -q login_shell`; then
+        TLOG_CMD="${TLOG_CMD} -l"
+      fi
+
+      if ! `ps --no-headers -o args $$ | grep -qe "-c[[:space:]]\+.\+"`; then
+        TLOG_REC_SESSION_SHELL=$SHELL
+
+        exec $TLOG_CMD
+      fi
+    fi
+  fi
+fi