Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Re: log the ip of the executor

by idsfa (Vicar)
on Apr 20, 2006 at 20:34 UTC ( #544696=note: print w/ replies, xml ) Need Help??


in reply to log the ip of the executor

First off, I would recommend that you not sudo the whole menuing script. This requires very careful coding of your menu script and everything it calls to avoid holes in your security. You could specify that the module scripts (or anything in the correct directory, if you really trust everyone with write privs to that directory), be valid sudo commands for the users of the menu system. Ideally, you might want to move the sudo commands into the scripts themselves to ensure that no unapproved commands can be executed with root privileges.

Now, as to your question, the operating system (Unix from your post) maintains a logging file utmpx of the currently logged in users. This log includes the point of origin of the login. The Unix command to see who is logged in on a terminal, which terminal, since when and from where is who am i. It is not fooled by sudo:

$ who am i idsfa pts/11 Apr 20 15:09 (10.0.0.1) $ sudo who am i idsfa pts/11 Apr 20 15:09 (10.0.0.1)

You could use this in your logs to identify which login & IP source issued a given command. Other than running this program, you could also use User::Utmp to read the log directly, with something like:

use User::Utmp qw(:constants :utmpx); use POSIX qw(ttyname); my $tty = ttyname(); my @utmp = getutx(); my $ip = "Rogue Hacker"; foreach $entry (@utmp) { next if ($entry->{ut_type} != USER_PROCESS); next if ($entry->{ut_line} ne $tty); $ip = $entry->{ut_host}; last; }

The intelligent reader will judge for himself. Without examining the facts fully and fairly, there is no way of knowing whether vox populi is really vox dei, or merely vox asinorum. — Cyrus H. Gordon


Comment on Re: log the ip of the executor
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://544696]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (7)
As of 2014-12-20 19:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (97 votes), past polls