script working like daemon

Discussion in 'Perl Misc' started by murph, Feb 9, 2004.

  1. murph

    murph Guest

    Hi ,
    i should write a script which sends a mail whenever a new user is
    trying to login to the system(linux) as a root. As much as i know that
    script should work like daemon(i think that i can write it ) , but i
    don't know what exactly should the script do ?
    How can i understand when someone try to login to the computer ?
    Any ideas ?

    thank you
     
    murph, Feb 9, 2004
    #1
    1. Advertising

  2. murph

    Ben Morrow Guest

    (murph) wrote:
    > i should write a script which sends a mail whenever a new user is
    > trying to login to the system(linux) as a root. As much as i know that
    > script should work like daemon(i think that i can write it ) , but i
    > don't know what exactly should the script do ?
    > How can i understand when someone try to login to the computer ?
    > Any ideas ?


    If the system uses PAM then the easiest way is to hook in there (this
    is not a Perl question, and the answer will be a C program). Otherwise
    you could have a program sit reading the logs...

    Ben

    --
    Every twenty-four hours about 34k children die from the effects of poverty.
    Meanwhile, the latest estimate is that 2800 people died on 9/11, so it's like
    that image, that ghastly, grey-billowing, double-barrelled fall, repeated
    twelve times every day. Full of children. [Iain Banks]
     
    Ben Morrow, Feb 9, 2004
    #2
    1. Advertising

  3. On Mon, 09 Feb 2004 04:52:21 -0800, murph wrote:

    > i should write a script which sends a mail whenever a new user is
    > trying to login to the system(linux) as a root. As much as i know that
    > script should work like daemon(i think that i can write it ) , but i
    > don't know what exactly should the script do ?
    > How can i understand when someone try to login to the computer ?
    > Any ideas ?


    You could look at SWATCH (which is written in Perl and recommended by
    various security sources). http://swatch.sourceforge.net/

    Another option is to put together a script to read from a FIFO, alter
    your syslog.conf file to include sending messages to the FIFO, and then do
    something when a specified line is encountered.

    I'm sure there are other ways to do it.

    HTH

    --
    Jim

    Copyright notice: all code written by the author in this post is
    released under the GPL. http://www.gnu.org/licenses/gpl.txt
    for more information.

    a fortune quote ...
    The longer I am out of office, the more infallible I appear to
    myself. -- Henry Kissinger
     
    James Willmore, Feb 9, 2004
    #3
  4. murph

    murph Guest

    James Willmore <> wrote in message news:<>...
    > On Mon, 09 Feb 2004 04:52:21 -0800, murph wrote:
    >
    > > i should write a script which sends a mail whenever a new user is
    > > trying to login to the system(linux) as a root. As much as i know that
    > > script should work like daemon(i think that i can write it ) , but i
    > > don't know what exactly should the script do ?
    > > How can i understand when someone try to login to the computer ?
    > > Any ideas ?

    >
    > You could look at SWATCH (which is written in Perl and recommended by
    > various security sources). http://swatch.sourceforge.net/
    >
    > Another option is to put together a script to read from a FIFO, alter
    > your syslog.conf file to include sending messages to the FIFO, and then do
    > something when a specified line is encountered.
    >
    > I'm sure there are other ways to do it.
    >
    > HTH
    >
    > --
    > Jim
    >
    > Copyright notice: all code written by the author in this post is
    > released under the GPL. http://www.gnu.org/licenses/gpl.txt
    > for more information.
    >
    > a fortune quote ...
    > The longer I am out of office, the more infallible I appear to
    > myself. -- Henry Kissinger


    Ok
    thank u very much
    I understand how to configure the syslogd.conf to put the logs direct
    to a named pipe . Now i want to write my perl script , but i have
    really problems using named pipes .
    I created named pipe manually (mkfifo pipe ) , change it permissions
    so that the script can read and write from it ( 0777 )

    #!/usr/bin/perl
    $fifo_name = "./fifo" ;
    while(1){
    open(FIFO ,"> $fifo_name");
    $error = <FIFO> ;
    if($error){
    chomp($error);
    print "Error: $error\n";
    }
    }

    But i didn't receice a log messages
    Than i try to make two scripts reader.pl and writer.pl just for
    testing
    But they didn't work two .
    They look the same , any ideas why that happens
     
    murph, Feb 10, 2004
    #4
  5. murph

    Ben Morrow Guest

    [please wrap your posts at 72 characters or so]

    (murph) wrote:
    > James Willmore <> wrote in message
    > news:<>...
    > >
    > > Another option is to put together a script to read from a FIFO, alter
    > > your syslog.conf file to include sending messages to the FIFO, and then do
    > > something when a specified line is encountered.

    >
    > I understand how to configure the syslogd.conf to put the logs direct
    > to a named pipe . Now i want to write my perl script , but i have
    > really problems using named pipes .
    > I created named pipe manually (mkfifo pipe ) , change it permissions
    > so that the script can read and write from it ( 0777 )


    Whoa there, that's a little extreme. You certainly don't need execute
    permissions on a fifo, and you probably don't need anything higher
    than 600 if you can arrange for the reader to run as the same user as
    syslog (and make that user own the fifo, of course; though it will if
    syslogd creates it for you).

    > #!/usr/bin/perl
    > $fifo_name = "./fifo" ;
    > while(1){
    > open(FIFO ,"> $fifo_name");


    You are opening FIFO for writing...

    > $error = <FIFO> ;


    ....and then trying to read from it. The open will block until there is
    a reader, so this will appear to hang.

    Also, you should be using lexical FHs, and checking the return of
    open; and your loop should be structured differently:

    open my $FIFO, '<', $fifo_name or die "can't open $fifo_name: $!";
    # this ^^^^^^^^
    # is a lexical FH. It will close when it goes out of scope.

    while (<$FIFO>) { # implicitly while (defined( $_ = <$FIFO> )) {
    chomp; # this will loop until EOF
    print "Error: $_\n";
    }

    If you want to try opening it again after the other end closes it, put
    another loop around all of that.

    > if($error){
    > chomp($error);
    > print "Error: $error\n";
    > }
    > }
    >
    > But i didn't receice a log messages
    > Than i try to make two scripts reader.pl and writer.pl just for
    > testing
    > But they didn't work two .


    What happened? Show us the scripts.

    Ben

    --
    "If a book is worth reading when you are six, *
    it is worth reading when you are sixty." - C.S.Lewis
     
    Ben Morrow, Feb 10, 2004
    #5
  6. On Tue, 10 Feb 2004 02:25:46 -0800, murph wrote:

    > James Willmore <> wrote in message news:<>...
    >> On Mon, 09 Feb 2004 04:52:21 -0800, murph wrote:


    <snip>

    >>
    >> Another option is to put together a script to read from a FIFO, alter
    >> your syslog.conf file to include sending messages to the FIFO, and then do
    >> something when a specified line is encountered.


    <snip>

    > I understand how to configure the syslogd.conf to put the logs direct
    > to a named pipe . Now i want to write my perl script , but i have
    > really problems using named pipes .
    > I created named pipe manually (mkfifo pipe ) , change it permissions
    > so that the script can read and write from it ( 0777 )


    To make it really secure, make the owner 'root' and make the permissions
    600 (-rw-------).
    You don't what *anyone* to have the ability to read/write to the FIFO -
    because that would open a potential "hole" in your system and
    you don't wwant that :)

    > #!/usr/bin/perl
    > $fifo_name = "./fifo" ;
    > while(1){
    > open(FIFO ,"> $fifo_name");
    > $error = <FIFO> ;
    > if($error){
    > chomp($error);
    > print "Error: $error\n";
    > }
    > }


    This is what I have used. I used IO::File versus 'open'.

    --read script --
    #!/usr/bin/perl -w

    use strict;

    use IO::File;

    $SIG{__WARN__} = $SIG{__DIE__} = sub { print "Opps\n$_[0]\n$!\n"; exit; };
    $SIG{ALRM} = $SIG{INT} =
    sub { undef $fh; print "Caught a signal - Terminating\n"; exit; };

    my $fh = new IO::File "/tmp/myfifo";

    while (1) {
    while ( my $line = $fh->getline ) {
    print "FIFO: $line";
    }
    }

    exit;
    -----------------
    --write script --

    #!/usr/bin/perl -w

    $SIG{__DIE__} = $SIG{__WARN__} =
    sub { print "Dying\n$!\n$@\n ... exiting\n"; exit; };
    $SIG{INT} = $SIG{TERM} = sub { print "Caught a signal ... exiting\n"; exit; };
    $SIG{ALRM} = sub { print "Timed out\n"; exit; };

    alarm 5;

    for ( 1 .. 100 ) {
    system("echo $_ > /tmp/myfifo");
    }

    alarm 0;

    exit;
    -----------------

    Some things to consider that are not included in the scripts above -
    * autoflush may need to be turned on. With syslogd, I don't think it
    matters that much, since, from my understanding, it doesn't buffer it's
    output. But, it is something to consider.
    * it works only on a *NIX type platform (Linux, SunOS, FreeBSD (maybe -
    FreeBSD has tighter security, so it may not work as expected)).
    * you may need to alter your signal handlers to suit your needs.

    HTH

    --
    Jim

    Copyright notice: all code written by the author in this post is
    released under the GPL. http://www.gnu.org/licenses/gpl.txt
    for more information.

    a fortune quote ...
    Wiker's Law: Government expands to absorb revenue and then some.
     
    James Willmore, Feb 10, 2004
    #6
  7. murph

    Guest

    (murph) writes:

    > Hi ,
    > i should write a script which sends a mail whenever a new user is
    > trying to login to the system(linux) as a root. As much as i know that
    > script should work like daemon(i think that i can write it ) , but i
    > don't know what exactly should the script do ?
    > How can i understand when someone try to login to the computer ?
    > Any ideas ?
    >
    > thank you


    I realise that I'm coming into the discussion a bit late but
    if you dont need to/want to do the daemonizing yourself have
    a look at daemonize.

    Home Page: http://www.clapper.org/software/daemonize/

    I belive it's included in most *nix distros.
     
    , Feb 26, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ivan le magnifique

    running a script like a daemon

    ivan le magnifique, Nov 8, 2003, in forum: Python
    Replies:
    3
    Views:
    268
    Kathy Poniatowski
    Nov 9, 2003
  2. Jean-Paul Calderone
    Replies:
    0
    Views:
    460
    Jean-Paul Calderone
    Mar 20, 2009
  3. Floris Bruynooghe
    Replies:
    1
    Views:
    454
    Floris Bruynooghe
    Mar 24, 2009
  4. John Kelly

    Like a daemon

    John Kelly, Sep 24, 2009, in forum: C Programming
    Replies:
    29
    Views:
    914
    Seebs
    Oct 24, 2009
  5. Daemon Win32::Daemon;

    , Sep 7, 2006, in forum: Perl Misc
    Replies:
    0
    Views:
    258
Loading...

Share This Page