I need to monitor every login to a server (assume a Linux OS) by watching for the "opened" session status.
How?
As the "root" user:
1. Modify the /etc/syslog.conf file (retrieve information about authen… to the /var/log/auth.log file)
.
.
.
auth,authpriv.* /var/log/auth.log
2. Create the /var/log/auth.log file and restart the syslog service:
# touch /var/log/auth.log
# chmod 600 /var/log/auth.log
# /etc/init.d/syslog restart
…
3. Write the program (assume: /root/sbin/getauth.pl file):
#!/usr/bin/perl
use strict;
use warnings;

my $LOG_FILE = '/var/log/auth.log';
my $TMP_FILE = '/root/sbin/.auth.log';
my $smail    = 'sender@domain';
my $rmail    = 'to@domain';
my $content  = 'opened';
my $chk      = 0;
my $host     = `hostname`;
chomp $host;    # drop the trailing newline from the command output

# Empty the temp file, then follow the log in the background and
# copy every new line into the temp file.
system("/bin/cat /dev/null > $TMP_FILE");
system("/usr/bin/tail -n 0 -f $LOG_FILE | /usr/bin/tee -a $TMP_FILE &");

while (1) {
    # Count the new log lines that contain the keyword.
    $chk = `/bin/cat $TMP_FILE | /bin/grep $content | /usr/bin/wc -l`;
    chomp $chk;
    if ($chk > 0) {
        unless (open(MAIL, "|/usr/sbin/sendmail -t")) {
            print "error.\n";
            warn "Error starting sendmail: $!";
        } else {
            print MAIL "From: $smail\n";
            print MAIL "To: $rmail\n";
            print MAIL "Subject: [Info] Session opened on $host\n\n";
            print MAIL "------------------------------------------\n";
            print MAIL `/bin/cat $TMP_FILE | /bin/grep $content`;
            print MAIL "\n";
            print MAIL "------------------------------------------\n";
            close(MAIL) || warn "Error closing mail: $!";
            print "Mail sent.\n";
        }
        # Reset the temp file so the same lines are not mailed again.
        system("/bin/cat /dev/null > $TMP_FILE");
    }
    sleep 5;
}
4. Start the program as a background process:
# /root/sbin/getauth.pl > /dev/null 2>&1 &
# ps -aef | grep getauth.pl
root 24933 1 0 Apr25 ? 00:00:38 /usr/bin/perl /root/sbin/getauth.pl
5. Test by logging in to the server and checking e-mail
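
An added example, not part of the original post or of getauth.pl: grepping for the bare word "opened" also mails routine sessions such as cron's, so this Perl code parses the PAM "session opened" record and filters by service before anything is mailed. The function names, the ignore list and the sample log lines are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not the original getauth.pl.
use strict;
use warnings;

# Services whose sessions are routine noise (this list is an assumption).
my %IGNORE = map { $_ => 1 } qw(cron);

# Return a hashref for one PAM "session opened" record, or undef otherwise.
sub parse_session_opened {
    my ($line) = @_;
    return unless $line =~ m{
        ^(\w{3}\s+\d+\s[\d:]{8})\s    # syslog timestamp
        (\S+)\s                       # host name
        ([^\s\[(:]+)                  # program: sshd, su, CRON
        .*?session\ opened\ for\ user\s
        (\S+?)(?:\(uid=\d+\))?        # target user, optional uid suffix
        \sby\s(\S*)\(uid=(\d+)\)      # invoking user (may be empty), its uid
    }x;
    return { time => $1, host => $2, service => lc $3,
             user => $4, by => $5, by_uid => $6 };
}

# Keep only the sessions worth an e-mail.
sub interesting_sessions {
    my @hits;
    for my $line (@_) {
        my $s = parse_session_opened($line) or next;
        next if $IGNORE{ $s->{service} };
        push @hits, $s;
    }
    return @hits;
}

# Constructed sample lines in the common auth.log layout (not real logs).
my @sample = (
    'Apr 25 10:15:02 web01 sshd[24901]: pam_unix(sshd:session): session opened for user alice by (uid=0)',
    'Apr 25 10:17:01 web01 CRON[25010]: pam_unix(cron:session): session opened for user root by (uid=0)',
    'Apr 25 10:20:44 web01 su: pam_unix(su:session): session opened for user root by alice(uid=1000)',
    'Apr 25 10:21:10 web01 sshd[24901]: pam_unix(sshd:session): session closed for user alice',
    'Apr 25 10:25:31 web01 sshd[25102]: pam_unix(sshd:session): session opened for user bob(uid=1001) by (uid=0)',
);

for my $s (interesting_sessions(@sample)) {
    printf "%s %s: %s session for %s by %s(uid=%s)\n",
        @{$s}{qw(time host service user)}, $s->{by} || '-', $s->{by_uid};
}
```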