Automatically record bash sessions

scriptrec.sh

#####################################################################
#
# This script starts an automatically recorded session using `script`
# storing logs in `$log_dir`. Care should be taken to secure records
# generated by this script as they may easily contain passwords and
# other sensistive information.
#
#####################################################################

# FIXME(bh): make this configurable
log_dir=~/logs/typescript/

#####################################################################
# Session record files follow a simple naming convention as follows:
#
#   2020-12-31T23:59:59Z [whoami@hostname] [uuid].ext
#
# This format should allow simple sorting, grouping, and filtering.
#####################################################################
uuid=$(cat /proc/sys/kernel/random/uuid)
uuid=$(echo "$uuid" | tr '[:lower:]' '[:upper:]' | tr -d '\n')
whoami=$(whoami)
hostname=$(hostname)
isodate=$(date -u +%Y-%m-%dT%H:%M:%SZ)

log_filename_prefix="$isodate [$whoami@$hostname] [$uuid]"

#####################################################################
# Unfortunately the `script` utility requires using separate files
# for pseudo-terminal input and output and associated timing data.
#####################################################################
log_filename_script="$log_filename_prefix.typescript"
log_filename_timing="$log_filename_prefix.timing"

log_path_script="$log_dir/$log_filename_script"
log_path_timing="$log_dir/$log_filename_timing"

#####################################################################
# The `script` utility starts another shell on its own and we need to
# prevent infinite recursion. This is one attempt to do so, as found
# on `https://unix.stackexchange.com/questions/25639/`. It might be
# redundant with the subsequent check.
#####################################################################
parent_process_name=$(ps -ocommand= -p $PPID | awk '{print $1}')
test "$parent_process_name" == 'script' && break;

#####################################################################
# The `test -t` check is suggested in some versions of `man script`.
# The check fails if STDIN is not a "terminal". 
#####################################################################
if test -t 0 ; then

  ###################################################################
  # The target directory should exist and should only be readable by
  # the intended user. The following is a half-hearted attempt to do
  # that. It might be nice to verify permissions and warn or fail if
  # the permissions are set incorrectly.
  ###################################################################
  mkdir --mode=0700 -p "$log_dir"

  ###################################################################
  # Similarily for files. It might be possible to be more restrictive
  # here and also disallow the user to read the files in their unse-
  # cured form; it might also be nice to fail here if the files some-
  # how exist already.
  ###################################################################
  touch "$log_path_script"
  chmod 0600 "$log_path_script"

  touch "$log_path_timing"
  chmod 0600 "$log_path_timing"

  script \
    --quiet \
    --flush \
    --append \
    --timing="$log_path_timing" \
    "$log_path_script"

  exit

fi