#!/bin/sh -efu

AUDITCTL=/sbin/auditctl

prefix="$1"
wdir="$2"
slot="$3"

uid="${USER}_b$slot"

if ! id "$uid" 1>/dev/null 2>&1; then
    echo "[$prefix] ERROR: User $uid not found." >&2
    exit 1
fi

"$AUDITCTL" -D -k "$prefix"
"$AUDITCTL" -a always,exit -F arch=b32 -F uid="$uid" -S execve -k "$prefix"
"$AUDITCTL" -a always,exit -F arch=b64 -F uid="$uid" -S execve -k "$prefix"
"$AUDITCTL" -a always,exit -F arch=b32 -F uid="$uid" -S exit_group -k "$prefix"
"$AUDITCTL" -a always,exit -F arch=b64 -F uid="$uid" -S exit_group -k "$prefix"

echo "[$prefix]: Audit is turned on." >&2
