«

Hi ,
i should write a script which sends a mail whenever a new user is
trying to login to the system(linux) as a root. As much as i know that
script should work like daemon(i think that i can write it ) , but i
don't know what exactly should the script do ?
How can i understand when someone try to login to the computer ?
Any ideas ?

thank you

(murph) wrote:
> i should write a script which sends a mail whenever a new user is
> trying to login to the system(linux) as a root. As much as i know that
> script should work like daemon(i think that i can write it ) , but i
> don't know what exactly should the script do ?
> How can i understand when someone try to login to the computer ?
> Any ideas ?

If the system uses PAM then the easiest way is to hook in there (this
is not a Perl question, and the answer will be a C program). Otherwise
you could have a program sit reading the logs...

Ben

--
Every twenty-four hours about 34k children die from the effects of poverty.
Meanwhile, the latest estimate is that 2800 people died on 9/11, so it's like
that image, that ghastly, grey-billowing, double-barrelled fall, repeated
twelve times every day. Full of children. [Iain Banks]

On Mon, 09 Feb 2004 04:52:21 -0800, murph wrote:

> i should write a script which sends a mail whenever a new user is
> trying to login to the system(linux) as a root. As much as i know that
> script should work like daemon(i think that i can write it ) , but i
> don't know what exactly should the script do ?
> How can i understand when someone try to login to the computer ?
> Any ideas ?

You could look at SWATCH (which is written in Perl and recommended by
various security sources). http://swatch.sourceforge.net/

Another option is to put together a script to read from a FIFO, alter
your syslog.conf file to include sending messages to the FIFO, and then do
something when a specified line is encountered.

I'm sure there are other ways to do it.

HTH

--
Jim

Copyright notice: all code written by the author in this post is
released under the GPL. http://www.gnu.org/licenses/gpl.txt
for more information.

a fortune quote ...
The longer I am out of office, the more infallible I appear to
myself. -- Henry Kissinger

James Willmore <> wrote in message news:< a.net>...
> On Mon, 09 Feb 2004 04:52:21 -0800, murph wrote:
>
> > i should write a script which sends a mail whenever a new user is
> > trying to login to the system(linux) as a root. As much as i know that
> > script should work like daemon(i think that i can write it ) , but i
> > don't know what exactly should the script do ?
> > How can i understand when someone try to login to the computer ?
> > Any ideas ?
>
> You could look at SWATCH (which is written in Perl and recommended by
> various security sources). http://swatch.sourceforge.net/
>
> Another option is to put together a script to read from a FIFO, alter
> your syslog.conf file to include sending messages to the FIFO, and then do
> something when a specified line is encountered.
>
> I'm sure there are other ways to do it.
>
> HTH
>
> --
> Jim
>
> Copyright notice: all code written by the author in this post is
> released under the GPL. http://www.gnu.org/licenses/gpl.txt
> for more information.
>
> a fortune quote ...
> The longer I am out of office, the more infallible I appear to
> myself. -- Henry Kissinger

Ok
thank u very much
I understand how to configure the syslogd.conf to put the logs direct
to a named pipe . Now i want to write my perl script , but i have
really problems using named pipes .
I created named pipe manually (mkfifo pipe ) , change it permissions
so that the script can read and write from it ( 0777 )

#!/usr/bin/perl
$fifo_name = "./fifo" ;
while(1){
open(FIFO ,"> $fifo_name");
$error = <FIFO> ;
if($error){
chomp($error);
print "Error: $error\n";
}
}

But i didn't receice a log messages
Than i try to make two scripts reader.pl and writer.pl just for
testing
But they didn't work two .
They look the same , any ideas why that happens

[please wrap your posts at 72 characters or so]

(murph) wrote:
> James Willmore <> wrote in message
> news:< a.net>...
> >
> > Another option is to put together a script to read from a FIFO, alter
> > your syslog.conf file to include sending messages to the FIFO, and then do
> > something when a specified line is encountered.
>
> I understand how to configure the syslogd.conf to put the logs direct
> to a named pipe . Now i want to write my perl script , but i have
> really problems using named pipes .
> I created named pipe manually (mkfifo pipe ) , change it permissions
> so that the script can read and write from it ( 0777 )

Whoa there, that's a little extreme. You certainly don't need execute
permissions on a fifo, and you probably don't need anything higher
than 600 if you can arrange for the reader to run as the same user as
syslog (and make that user own the fifo, of course; though it will if
syslogd creates it for you).

> #!/usr/bin/perl
> $fifo_name = "./fifo" ;
> while(1){
> open(FIFO ,"> $fifo_name");

You are opening FIFO for writing...

> $error = <FIFO> ;

....and then trying to read from it. The open will block until there is
a reader, so this will appear to hang.

Also, you should be using lexical FHs, and checking the return of
open; and your loop should be structured differently:

open my $FIFO, '<', $fifo_name or die "can't open $fifo_name: $!";
# this ^^^^^^^^
# is a lexical FH. It will close when it goes out of scope.

while (<$FIFO>) { # implicitly while (defined( $_ = <$FIFO> )) {
chomp; # this will loop until EOF
print "Error: $_\n";
}

If you want to try opening it again after the other end closes it, put
another loop around all of that.

> if($error){
> chomp($error);
> print "Error: $error\n";
> }
> }
>
> But i didn't receice a log messages
> Than i try to make two scripts reader.pl and writer.pl just for
> testing
> But they didn't work two .

What happened? Show us the scripts.

Ben

--
"If a book is worth reading when you are six, *
it is worth reading when you are sixty." - C.S.Lewis

On Tue, 10 Feb 2004 02:25:46 -0800, murph wrote:

> James Willmore <> wrote in message news:< a.net>...
>> On Mon, 09 Feb 2004 04:52:21 -0800, murph wrote:

<snip>

>>
>> Another option is to put together a script to read from a FIFO, alter
>> your syslog.conf file to include sending messages to the FIFO, and then do
>> something when a specified line is encountered.

<snip>

> I understand how to configure the syslogd.conf to put the logs direct
> to a named pipe . Now i want to write my perl script , but i have
> really problems using named pipes .
> I created named pipe manually (mkfifo pipe ) , change it permissions
> so that the script can read and write from it ( 0777 )

To make it really secure, make the owner 'root' and make the permissions
600 (-rw-------).
You don't what *anyone* to have the ability to read/write to the FIFO -
because that would open a potential "hole" in your system and
you don't wwant that

> #!/usr/bin/perl
> $fifo_name = "./fifo" ;
> while(1){
> open(FIFO ,"> $fifo_name");
> $error = <FIFO> ;
> if($error){
> chomp($error);
> print "Error: $error\n";
> }
> }

This is what I have used. I used IO::File versus 'open'.

--read script --
#!/usr/bin/perl -w

use strict;

use IO::File;

$SIG{__WARN__} = $SIG{__DIE__} = sub { print "Opps\n$_[0]\n$!\n"; exit; };
$SIG{ALRM} = $SIG{INT} =
sub { undef $fh; print "Caught a signal - Terminating\n"; exit; };

my $fh = new IO::File "/tmp/myfifo";

while (1) {
while ( my $line = $fh->getline ) {
print "FIFO: $line";
}
}

exit;
-----------------
--write script --

#!/usr/bin/perl -w

$SIG{__DIE__} = $SIG{__WARN__} =
sub { print "Dying\n$!\n$@\n ... exiting\n"; exit; };
$SIG{INT} = $SIG{TERM} = sub { print "Caught a signal ... exiting\n"; exit; };
$SIG{ALRM} = sub { print "Timed out\n"; exit; };

alarm 5;

for ( 1 .. 100 ) {
system("echo $_ > /tmp/myfifo");
}

alarm 0;

exit;
-----------------

Some things to consider that are not included in the scripts above -
* autoflush may need to be turned on. With syslogd, I don't think it
matters that much, since, from my understanding, it doesn't buffer it's
output. But, it is something to consider.
* it works only on a *NIX type platform (Linux, SunOS, FreeBSD (maybe -
FreeBSD has tighter security, so it may not work as expected)).
* you may need to alter your signal handlers to suit your needs.

HTH

--
Jim

Copyright notice: all code written by the author in this post is
released under the GPL. http://www.gnu.org/licenses/gpl.txt
for more information.

a fortune quote ...
Wiker's Law: Government expands to absorb revenue and then some.

(murph) writes:

> Hi ,
> i should write a script which sends a mail whenever a new user is
> trying to login to the system(linux) as a root. As much as i know that
> script should work like daemon(i think that i can write it ) , but i
> don't know what exactly should the script do ?
> How can i understand when someone try to login to the computer ?
> Any ideas ?
>
> thank you

I realise that I'm coming into the discussion a bit late but
if you dont need to/want to do the daemonizing yourself have
a look at daemonize.

Home Page: http://www.clapper.org/software/daemonize/

I belive it's included in most *nix distros.