Tree - source-git/logwatch - CentOS Git server

source-git / logwatch

Blame scripts/services/sudo

Blob History Raw

Packit	57988d	`###########################################################################`
Packit	57988d	`# $Id$`
Packit	57988d	`###########################################################################`
Packit	57988d	`# $Log: sudo,v $`
Packit	57988d	`# Revision 1.15 2011/01/06 15:36:02 stefan`
Packit	57988d	`# added: Conversation failed with`
Packit	57988d	`#`
Packit	57988d	`# Revision 1.14 2008/03/24 23:31:27 kirk`
Packit	57988d	`# added copyright/license notice to each script`
Packit	57988d	`#`
Packit	57988d	`# Revision 1.13 2007/11/25 20:07:49 bjorn`
Packit	57988d	`# Filtering a pam_unix message, by Ivana Varekova.`
Packit	57988d	`#`
Packit	57988d	`# Revision 1.12 2007/09/02 01:36:21 mrc`
Packit	57988d	`# - Patch to allow dot (.) in user names from Matthew Joyce`
Packit	57988d	`#`
Packit	57988d	`# Revision 1.11 2006/04/12 23:17:09 bjorn`
Packit	57988d	`# Added %OtherList, and handles some errors.`
Packit	57988d	`#`
Packit	57988d	`###########################################################################`
Packit	57988d
Packit	57988d	`###########################################################################`
Packit	57988d	`# sudo: A logwatch script to collate and format sudo log entries from`
Packit	57988d	`# the secure log. Entries are broken down by the user who issued`
Packit	57988d	`# the command, and further by the effective user of the command.`
Packit	57988d	`#`
Packit	57988d	`# Detail Levels:`
Packit	57988d	`# 0: Just print the command`
Packit	57988d	`# 20: Include the current directory when the command was executed`
Packit	57988d	`# (on a separate line)`
Packit	57988d	`# 30: Include the TTY on the directory line`
Packit	57988d	`###########################################################################`
Packit	57988d
Packit	57988d	`#######################################################`
Packit	57988d	`## Copyright (c) 2008 Kirk Bauer`
Packit	57988d	`## Covered under the included MIT/X-Consortium License:`
Packit	57988d	`## http://www.opensource.org/licenses/mit-license.php`
Packit	57988d	`## All modifications and contributions by other persons to`
Packit	57988d	`## this script are assumed to have been donated to the`
Packit	57988d	`## Logwatch project and thus assume the above copyright`
Packit	57988d	`## and licensing terms. If you want to make contributions`
Packit	57988d	`## under your own copyright or a different license this`
Packit	57988d	`## must be explicitly stated in the contribution an the`
Packit	57988d	`## Logwatch project reserves the right to not accept such`
Packit	57988d	`## contributions. If you have made significant`
Packit	57988d	`## contributions to this script and want to claim`
Packit	57988d	`## copyright please contact logwatch-devel@lists.sourceforge.net.`
Packit	57988d	`#########################################################`
Packit	57988d
Packit	57988d	`use strict;`
Packit	57988d	`my %OtherList;`
Packit	57988d
Packit	57988d	`my ($Debug, $Detail, %byUser, %byUserSum);`
Packit	57988d	`my $Debug = $ENV{'LOGWATCH_DEBUG'} \|\| 0;`
Packit	57988d	`my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} \|\| 0;`
Packit	57988d	`# maximum number of commands user ran to display at low detail`
Packit	57988d	`my $CmdsThresh = $ENV{'command_run_threshold'} \|\| 0;`
Packit	57988d	`my %IgnoreCmds;`
Packit	57988d
Packit	57988d	`my ($user, $error, $tty, $dir, $euser, $cmd, $args);`
Packit	57988d	`my (%ConFailed);`
Packit	57988d	`my $contlines = 0;`
Packit	57988d	`my $argsprinted = 0;`
Packit	57988d
Packit	57988d	`if (defined($ENV{'ignore_commands'})) {`
Packit	57988d	`foreach my $entry (split(',',$ENV{'ignore_commands'})) {`
Packit	57988d	`$entry =~ s/['"]//g;`
Packit	57988d	`my ($from_user,$to_user,$cmd) = split(';',$entry);`
Packit	57988d	`push(@{$IgnoreCmds{$from_user}{$to_user}},$cmd);`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`while (defined(my $ThisLine = <STDIN>)) {`
Packit	57988d	`if ($ThisLine =~ /pam_unix$sudo:auth$: authentication failure; logname=\S* uid=[0-9]* euid=[0-9]* tty=\S* ruser=\S* rhost=\S* user=\S*/`
Packit	57988d	`)`
Packit	57988d	`# this log is parsed in pam_unix section`
Packit	57988d	`{`
Packit	57988d	`# Ignore`
Packit	57988d	`} elsif ($ThisLine =~ /pam_unix$sudo:session$: session (opened\|closed) for user \S+/) {`
Packit	57988d	`# handled in pam_unix`
Packit	57988d	`} elsif ($ThisLine =~ /pam_unix$sudo:auth$: auth could not identify password for/) {`
Packit	57988d	`# handled in pam_unix`
Packit	57988d	`} elsif ($ThisLine =~ /pam_sss$sudo:auth$: authentication success/) {`
Packit	57988d	`# Ignore`
Packit	57988d	`} elsif ($ThisLine =~ /(.+): conversation failed/) {`
Packit	57988d	`$ConFailed{$1}++;`
Packit	57988d	`} elsif ( ($user, $error, $tty, $dir, $euser, $cmd, $args) = $ThisLine =~ m/^\s(\S+) : (.; )?TTY=(\S+) ; PWD=(.?) ; USER=(\S+) ; COMMAND=(\S+)( ?.)/) {`
Packit	57988d	`next if (defined($IgnoreCmds{$user}{$euser}) && $cmd =~ join("\|",@{$IgnoreCmds{$user}{$euser}}));`
Packit	57988d	`next if (defined($IgnoreCmds{'any'}{$euser}) && $cmd =~ join("\|",@{$IgnoreCmds{'any'}{$euser}}));`
Packit	57988d	`push @{$byUser{$user}{$euser}}, [$error . $cmd, $args, $dir, $tty];`
Packit	57988d	`$byUserSum{$user}{$euser}{$cmd} += 1;`
Packit	57988d	`} elsif ( ($user,$euser) = $ThisLine =~ /^\s*(\S+) : no passwd entry for (\S+)\!$/) {`
Packit	57988d	`push @{$byUser{$user}{$euser . " (No such user)"}}, ["No password entry"];`
Packit	57988d	`} elsif ( ($user, $error, $tty, $dir, $euser, $cmd, $args) = $ThisLine =~ m/^\s*\S+ : $command continued$/) {`
Packit	57988d	`$contlines++;`
Packit	57988d	`} else {`
Packit	57988d	`chomp($ThisLine);`
Packit	57988d	`$OtherList{$ThisLine}++;`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`foreach my $user (sort keys %byUser) {`
Packit	57988d	`foreach my $euser (sort keys %{$byUser{$user}}) {`
Packit	57988d	`print "\n$user => $euser\n", "-" x length("$user => $euser"), "\n";`
Packit	57988d	`foreach my $cmd (sort keys %{$byUserSum{$user}{$euser}}) {`
Packit	57988d	`if ($Detail < 10 && $CmdsThresh <= $byUserSum{$user}{$euser}{$cmd}) {`
Packit	57988d	`printf "%-30s - %3i Time(s).\n", $cmd, $byUserSum{$user}{$euser}{$cmd};`
Packit	57988d	`} # if $Detail < 10`
Packit	57988d	`} # foreach $gcmd`
Packit	57988d	`foreach my $row (@{$byUser{$user}{$euser}}) {`
Packit	57988d	`if ($Detail >= 10 \|\| $CmdsThresh > $byUserSum{$user}{$euser}{$$row[0]}) {`
Packit	57988d	`my ($gcmd, $args, $dir, $tty) = @$row;`
Packit	57988d	`my $cmd = "$gcmd$args";`
Packit	57988d	`# make long commands easier to read`
Packit	57988d	`$cmd =~ s/(?=.{74,})(.{1,74}) /${1} \\\n /g if (length($cmd) > 75);`
Packit	57988d	`print "$cmd\n";`
Packit	57988d	`if ($Detail >= 20) {`
Packit	57988d	`my $ttydetail = "";`
Packit	57988d	`$ttydetail = "($tty) " if $Detail >= 30;`
Packit	57988d	`print "\t$ttydetail$dir\n";`
Packit	57988d	`} # if $Detail >= 20`
Packit	57988d	`$argsprinted=1;`
Packit	57988d	`} # if $Detail >= 10`
Packit	57988d	`} # foreach $row`
Packit	57988d	`} # foreach $euser`
Packit	57988d	`} # foreach $user`
Packit	57988d
Packit	57988d	`if (keys %ConFailed) {`
Packit	57988d	`print "\nConversation failed with:";`
Packit	57988d	`print "\n-------------------------";`
Packit	57988d	`foreach my $conv (sort keys %ConFailed) {`
Packit	57988d	`printf "\n%-30s - %3i Time(s)", $conv, $ConFailed{$conv};`
Packit	57988d	`}`
Packit	57988d	`print "\n";`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if($contlines && $argsprinted) {`
Packit	57988d	`print "\nThe argument list of some of above commands might be incomplete\n";`
Packit	57988d	`}`
Packit	57988d
Packit	57988d	`if (keys %OtherList) {`
Packit	57988d	`print "\n\nUnmatched Entries";`
Packit	57988d	`foreach my $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {`
Packit	57988d	`print "\n $line: $OtherList{$line} Time(s)";`
Packit	57988d	`}`
Packit	57988d	`}`
Packit	57988d
Packit	57988d
Packit	57988d	`# vi: shiftwidth=3 tabstop=3 syntax=perl et`
Packit	57988d	`# Local Variables:`
Packit	57988d	`# mode: perl`
Packit	57988d	`# perl-indent-level: 3`
Packit	57988d	`# indent-tabs-mode: nil`
Packit	57988d	`# End:`

source-git / logwatch

Source Code

Blame scripts/services/sudo