#
# ~/.bashrc
#
# Done for root shell
# -========== Start Of Normal File ==========-
# -========== User specific aliases and functions ==========-
# Ctrl-D (EOF) alone must not close the shell.
set -o ignoreeof

# -========== System Aliases ==========-
# Ask before deleting or overwriting; ls -N prints names without quoting.
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias ls='ls -N'

# -========== Editor ==========-
EDITOR=vim
VISUAL=$EDITOR
export EDITOR VISUAL

# -========== Path ==========-
# The admin directories are appended, so the directories already in PATH win
# on a name clash. Every directory listed here is searched by this shell, so
# each should be root-owned and not writable by group or others.
export PATH="${PATH}:/usr/local/bin:/usr/local/sbin:/local/admin/scripts:/local/admin/bin:/usr/lib/nagios/custom"

# World readable as we are dealing on webservers.
# NOTE(review): umask 0002 also leaves new files and directories
# group-writable; 0022 would already give "world readable". Confirm that
# group write access to files created from this shell is intended.
umask 0002
# A non-empty STY means this shell should be running inside screen.
if [[ -n $STY ]]; then
  # Fix ssh key auth: point the agent socket variable at a fixed per-user path.
  # NOTE(review): the path ends in a literal '.', which looks like a typo;
  # confirm it matches the socket or symlink name created at login.
  # NOTE(review): a directory that holds an agent socket should be accessible
  # only to its owner; verify the mode of ~/tmp.
  SSH_AUTH_SOCK=~/tmp/"${USER}"-screen-ssh-agent.sock.
fi
# Load ~/.bashrc when it exists.
# NOTE(review): the header at the top names this file ~/.bashrc; if that is
# accurate this statement sources the file from within itself without end.
# Presumably this part belongs to ~/.bash_profile; confirm before deploying.
if [[ -f ~/.bashrc ]]; then
  source ~/.bashrc
fi
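# Build ISVE, the coloured "[LXC]" / "[KVM]" marker that the prompt shows when
# this host looks like a container or a KVM guest.
#   \[\e[31m\] - red
#   \[\e[33m\] - yellow
ISVE=""

# LXC: count the cgroup entries of PID 1 that mention lxc. The file may be
# absent, in which case LXC is empty and compares as 0 below.
LXC=$(grep -c lxc /proc/1/cgroup 2>/dev/null)
if [[ "$LXC" -gt 0 ]]; then
  ISVE="\[\e[31m\][\[\e[33m\]LXC\[\e[31m\]]"
  export ISVE
fi

# KVM: count the hypervisor markers in the kernel log. "grep -E" replaces the
# obsolescent egrep (newer GNU grep releases print a warning for it on every
# shell start) and "-c" replaces the extra "| wc -l" stage.
# NOTE(review): the kernel ring buffer rotates, so the markers may no longer
# be present on a host with long uptime.
KVM=$(dmesg | grep -Ec "kvm-clock|Detected virtualization 'kvm'")
if [[ "$KVM" -gt 0 ]]; then
  ISVE="\[\e[31m\][\[\e[33m\]KVM\[\e[31m\]]"
  export ISVE
fi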
# -========== Left Prompt ==========-
# Host name, the optional virtualisation marker, [working directory], '#'.
PS1="\[\033[0;33m\]\h\[\033[0;31m\] ${ISVE}[\[\033[0;33m\]\w\[\033[0;31m\]] \[\033[0;33m\]# "
export PS1

# HISTORY is not a variable bash itself reads (that is HISTFILE); here it only
# names the log file that the "audit" alias tails.
HISTORY="/var/log/history"
export HISTORY
alias audit='tail -n 100 $HISTORY'

# When TERM is "screen", emit the short host name in a title escape sequence
# each time the prompt is drawn.
case ${TERM} in
  screen)
    PROMPT_COMMAND='echo -ne "\033k${HOSTNAME%%.*}\033\\"'
    export PROMPT_COMMAND
    ;;
esac
# Load the command-audit hooks when the file exists.
# NOTE(review): a missing ~/.bash_audit is skipped without any message, which
# leaves the session unaudited. The file is executed by every shell that reads
# this rc file, so it should be owned by root and writable by nobody else.
if [[ -f ~/.bash_audit ]]; then
  source ~/.bash_audit
fi

# enable bash completion in interactive shells (skipped in POSIX mode)
if ! shopt -oq posix && [[ -f /etc/bash_completion ]]; then
  source /etc/bash_completion
fi
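# SSHUSER identifies the person behind this shell: it selects the per-user
# vimrc below and is written into the audit variables later in this file.
# The warning goes to stderr so that it never mixes into the stdout of a
# non-interactive use of this shell.
if [[ -z "${SSHUSER}" ]]; then
  echo "WARNING: SSHUSER is not set" >&2
fi

# Setup vim alias
# First strip any secondary identifiers (everything from the last '_' on).
BARE_SSHUSER="${SSHUSER%_*}"

# SSHUSER arrives through the environment, so it is handled as untrusted:
#   - a value containing '/' is refused, so it cannot name a file outside
#     /root/.vimrc.d;
#   - the path is quoted in the file test;
#   - the path is shell-quoted (%q) before it is embedded in the alias, since
#     alias text is parsed again as shell code when the alias is used.
# For an ordinary user name the resulting alias is the same as before.
# The vimrc files are read by vim running as root and should be root-owned.
if [[ "${BARE_SSHUSER}" != */* && -f "/root/.vimrc.d/vimrc.${BARE_SSHUSER}" ]]; then
  printf -v _vimrc_quoted '%q' "/root/.vimrc.d/vimrc.${BARE_SSHUSER}"
  alias vim="vim -u ${_vimrc_quoted}"
  unset _vimrc_quoted
fi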
#
# Modified to work with su
#
# Session facts that are written into every audit line. Each variable is
# exported (-x) and read-only (-r), so later assignments in this shell fail.
#
# NOTE(review): this records what is typed into this bash only, and the lines
# travel through the ordinary user-facility syslog path. Treat it as an
# accountability aid; kernel-level auditing (auditd, pam_tty_audit) and
# forwarding to a remote log host are the usual complements.
# NOTE(review): SSHUSER is read from the environment, so the attribution in
# each line is only as trustworthy as the mechanism that sets it.
declare -rx AUDIT_TAG='audit[0]'
declare -rx HISTCONTROL='ignoredups'  # does not ignore spaces
declare -rx HISTIGNORE=''             # does not ignore patterns

# "who -mu" describes the terminal this shell is attached to:
# field 1 = login user, field 2 = tty, field 6 = login pid.
declare -rx AUDIT_LOGINUSER="$(who -mu | awk '{ print $1 }')"
declare -rx AUDIT_LOGINPID="$(who -mu | awk '{ print $6 }')"
declare -rx AUDIT_TTY="$(who -mu | awk '{ print $2 }')"

declare -rx AUDIT_USER="${SSHUSER}"   # defined by pam during su/sudo
declare -rx AUDIT_PID=$$

# "client:port->server:port" when SSH_CONNECTION is set, otherwise empty.
declare -rx AUDIT_SSH="${SSH_CONNECTION:+$(echo "$SSH_CONNECTION" | awk '{ print $1":"$2"->"$3":"$4 }')}"

# [[USERSTR]] is a placeholder replaced with $USER each time a line is logged.
declare -rx AUDIT_STR="${SSHUSER} ${AUDIT_LOGINUSER}/${AUDIT_LOGINPID} as [[USERSTR]]/${AUDIT_PID} on ${AUDIT_TTY}/${AUDIT_SSH}"

# Disable inheritance of the DEBUG trap by functions, command substitutions
# and subshells (normally the default setting already).
set +o functrace

# Enable the extended pattern matching operators used by the audit functions.
shopt -s extglob
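#######################################
# DEBUG-trap handler: send the most recent history entry to syslog.
# Globals:   AUDIT_STR, AUDIT_TAG, USER, PWD, BASH_COMMAND,
#            PROMPT_COMMAND (all read)
# Outputs:   one user.info syslog message; a line on stderr if logger fails
# Requires:  extglob enabled at call time (the strip pattern uses +( ), ?( )
#            and *( ))
#######################################
audit_DEBUG() {
  # avoid logging unexecuted commands after ctrl-c or empty+enter
  [ "$BASH_COMMAND" != "$PROMPT_COMMAND" ] || return 0

  # Replace the [[USERSTR]] placeholder with our current user.
  local audit_prefix="${AUDIT_STR/\[\[USERSTR\]\]/$USER}"

  # "history 1" prints "<number>[*] <command>". Strip the leading padding, the
  # number and the optional '*' once, so that the syslog message and the
  # fallback line below carry the same command text. Declaration and
  # assignment are split so "local" does not hide a failing substitution.
  local audit_cmd
  audit_cmd="$(history 1)"
  audit_cmd="${audit_cmd##*( )?(+([0-9])?(\*)+( ))}"

  # "--" ends logger's option parsing. Without it, command text that starts
  # with '-' is taken as logger options and is not recorded verbatim.
  if ! logger -p user.info -t "$AUDIT_TAG" -- "$audit_prefix $PWD" "$audit_cmd"; then
    # Report a logging failure on stderr so it does not mix into command output.
    echo error "$audit_prefix $PWD" "$audit_cmd" >&2
  fi
}
export -f audit_DEBUG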
#######################################
# EXIT-trap handler: log the end of the session, then exit with the status
# the shell had when the handler was entered.
# Globals:   AUDIT_STR, AUDIT_TAG, USER (read); LOCAL_AUDIT_STR (written)
#######################################
audit_EXIT() {
  # Must come first: any later command would overwrite $?.
  local exit_code=$?

  # Replace the [[USERSTR]] placeholder with the current user.
  LOCAL_AUDIT_STR=${AUDIT_STR/\[\[USERSTR\]\]/${USER}}

  logger -p user.info -t "${AUDIT_TAG}" "${LOCAL_AUDIT_STR}" '#=== bash session ended. ==='
  exit "${exit_code}"
}
export -f audit_EXIT
# Make both handlers read-only (-r) and clear their trace attribute (+t);
# a read-only function cannot be redefined or unset in this shell.
declare -fr +t audit_DEBUG
declare -fr +t audit_EXIT
# Replace the [[USERSTR]] placeholder with the current user for the opening line.
LOCAL_AUDIT_STR="${AUDIT_STR/\[\[USERSTR\]\]/$USER}"
logger -p user.info -t "$AUDIT_TAG" "$LOCAL_AUDIT_STR" "#=== New bash session started. ===" #audit the session opening
# Intended flow: when a bash command is executed it first launches audit_DEBUG(),
# then the DEBUG trap is disabled to avoid a useless rerun of audit_DEBUG() during
# the execution of pipelines; at the end, when the prompt is displayed, the DEBUG
# trap is re-enabled.
# NOTE(review): PROMPT_COMMAND holds two commands here. The "echo" that follows
# the trap installation is itself a simple command, so it appears to be what
# fires the DEBUG trap, which would log the previous history entry at the next
# prompt rather than before the command runs. Verify the timing, since a
# command that ends the shell would then never reach the log.
# NOTE(review): audit_DEBUG compares BASH_COMMAND with the whole PROMPT_COMMAND
# string; with two commands in it that comparison looks unable to match. Confirm.
declare -rx PROMPT_COMMAND="trap 'audit_DEBUG; trap DEBUG' DEBUG; echo -ne '\ek${HOSTNAME%%.*}\e\\\\\r\e]0;${HOSTNAME%%.*}\a'"
declare -rx BASH_COMMAND #current command executed by user or a trap
# NOTE(review): the option list bash maintains is named SHELLOPTS; SHELLOPT is
# a different name, so this line likely does not cover what its comment
# describes. Confirm the intended variable.
declare -rx SHELLOPT #shell options, like functrace
# Run audit_EXIT whenever this shell exits, so the end of the session is logged.
trap audit_EXIT EXIT
# audit - /etc/rsyslog.d/10-audit.conf
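# No leading '-' in front of the file name, which forces a sync after each write
# 'stop' (the current form of the legacy '~' discard action) stops further processing and leaves these messages just in the history file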
if $syslogfacility-text == 'user' and $syslogtag contains 'audit' then {
/var/log/history
stop
}