Solved

conventions of awk in a program

Posted on 2004-08-23
Last Modified: 2011-09-20
The lines below are an extract from a script that we run to dump users who are sitting at a system prompt for more than an hour doing nothing - Very Popular!!!

However, we are receiving complaints of people being dumped after 10 - 15 minutes regardless of activities. The author of the script is on annual holiday so I have just disabled the cron job to stop this happening. However, I decided to look at the script.

I can interpret the script fairly comfortably but I am a bit shy with some of the nuances in scripting. I was wondering if the statement grep "1:" could be misinterpreted, as this is the only point in the script where a numerical value is compared, and I wondered if it was possible that the parser(?) was only checking against the numeral 1 for a match and not 1: and consequently hitting on those who happened to be maybe just taking a comfort break.

Now I am not a programmer in any language,  but I do know a lot of people who are and I was curious if one of them could tell me what was happening and if my supposition was correct.


PID=`who -u | awk '{print $1 " " $2 " " $6 " " $7 " " }' | grep "1:" | grep -v Mike | grep -v Sally | grep -v Doug | awk '{ print $4 }'`
echo $PID >>/home dir / filename
# Extra line to copy the PID number into a log file
date >> /home dir / logfile
for IDLE_USER in $PID
do
kill -9 $IDLE_USER
done
exit 0

Mike
0
Comment
Question by:thebusies
11 Comments
 
LVL 11

Expert Comment

by:avizit
ID: 11869247
depends on what are the fields returned by

"who -u  " on your system

if one of  print $1 " " $2 " " $6 " " $7 " "   can contain 1: and which isn't the idle time ..

cos it might have the time of login .. which can match with 1:

so guess you have to see what are the fields returned by who -u, which may not be standard on all machines .. so can you just paste a few lines from the output of

who -u

on the said system



0
 

Author Comment

by:thebusies
ID: 11869273
As requested an output from who -u (DGUX variant of unix)

stats1:>who -u
usr1     pts/0        Aug 23 12:45   .       27406
usr2     pts/1        Aug 23 06:48  0:04  12724
usr3     pts/3        Aug 23 10:48   .       22780
usr4     pts/4        Aug 23 07:35   .       15348
Mike     pts/5        Aug 23 12:47   .       27447


Mike

0
 
LVL 11

Expert Comment

by:avizit
ID: 11869396
Okay from this I think we can discount what we have suspected.



who -u | awk '{print $1 " " $2 " " $6 " " $7 " " }'   would return

usr1     pts/0           .       27406
usr2     pts/1          0:04  12724
usr3     pts/3           .       22780
usr4     pts/4           .       15348
Mike     pts/5           .       27447

so the login time is removed so grep 1: cannot catch it

the problem is at some other place then



0
 
LVL 11

Expert Comment

by:avizit
ID: 11869494
are you sure that's the only place in the script where the users get killed ?
0
 

Author Comment

by:thebusies
ID: 11869818
yes looking at the script and my understanding of it!
0

 

Author Comment

by:thebusies
ID: 11869961
Does the scripting program need a '/' in front of the ':' in the duration column or will it recognise the 1 and the colon?

0
 
LVL 20

Expert Comment

by:tfewster
ID: 11870000
echo $PID >>/home dir / filename

I don't see anything in the script that clears down this file; Is it possible that the script is killing PIDs that were _previously_ detected as idle for a long time?

To be safe, on the line before the `exit 0`, put `>/home dir / filename`


0
 
LVL 11

Expert Comment

by:avizit
ID: 11870025
I guess not

the script is killing from the $PID variable, not from the file.

for IDLE_USER in $PID
do
kill -9 $IDLE_USER
done
0
 
LVL 20

Accepted Solution

by:
Gns earned 50 total points
ID: 11870314
Just out of curiosity, which DG/UX version is that? MU07?
Unfortunately I've recently scrapped my DG boxes, so cannot check, but.... If you are seeing spurious kills, this is likely because of either "who -u" generating "nonregular" output so that a spurious "1:" is introduced (by the fixed column awk more or less), or a bug in the grep command. I'd think the former being far more likely than the latter...
Enhance the logging by logging the "unadorned" output from who -u if the PID variable is non-zero in length ... something like:
PID=`who -u | awk '{print $1 " " $2 " " $6 " " $7 " " }' | grep "1:" | grep -v Mike | grep -v Sally | grep -v Doug | awk '{ print $4 }'`
echo $PID >>/home dir / filename #<<<< this line shouldn't work, but you know this;-)
if [ "x$PID" != "x" ]
then
  who -u >> /home_dir_/filename #<<<< Adjust to something that exists and ... well, is valid:-)
fi
....

This way you'll get some tracing info;-).

-- Glenn
0
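Added example, not part of the thread or of the original script: a stricter way to pick idle sessions from `who -u` that validates each line's layout, compares idle time numerically instead of with grep "1:", and matches exempt users exactly. It assumes the 7-column layout pasted above (user, tty, month, day, login time, idle, PID); the function names and sample lines are constructed, and it only prints candidates.

```shell
#!/bin/sh
# Added example (not the thread's script). Reads `who -u` lines in the
# 7-column layout pasted in the thread: user tty month day login idle pid.
# Prints "pid user idle_minutes" for sessions idle >= $1 minutes; users
# listed in $2 (space separated, exact match) are exempt. Lines that do
# not fit the layout are reported on stderr and never selected.
idle_sessions() {
    awk -v limit="$1" -v exempt="$2" '
    BEGIN { n = split(exempt, e, " "); for (i = 1; i <= n; i++) skip[e[i]] = 1 }
    {
        # Validate the whole record before trusting any column.
        if (NF != 7 || $5 !~ /^[0-9][0-9]?:[0-9][0-9]$/ || $7 !~ /^[0-9]+$/) {
            print "irregular who -u line, skipped: " $0 > "/dev/stderr"
            next
        }
        if ($1 in skip) next
        if ($6 == ".")        mins = 0            # active in the last minute
        else if ($6 == "old") mins = 24 * 60      # idle more than 24 hours
        else if ($6 ~ /^[0-9]+:[0-9][0-9]$/) {
            split($6, t, ":"); mins = t[1] * 60 + t[2]
        } else {
            print "unknown idle value, skipped: " $0 > "/dev/stderr"
            next
        }
        if (mins >= limit) print $7, $1, mins
    }'
}

# Constructed sample in the thread's layout (names and PIDs are made up).
# The last line is deliberately missing its tty column.
sample() {
    cat <<'EOF'
usr1     pts/0        Aug 23 12:45   .       27406
usr2     pts/1        Aug 23 06:48  0:04  12724
usr3     pts/3        Aug 23 10:48  1:20  22780
usr4     pts/4        Aug 23 07:35  2:05  15348
Mike     pts/5        Aug 23 08:47  1:30  27447
Mike2    pts/6        Aug 23 08:50  3:10  27501
usr5     Aug 23 11:45  0:10  23001
EOF
}

sample | idle_sessions 60 "Mike Sally Doug"
```

On this sample the 2:05 and 3:10 sessions are selected even though neither contains "1:", Mike2 is not exempted by the entry for Mike, and the short usr5 line is logged rather than acted on.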
 

Author Comment

by:thebusies
ID: 11870728
Glenn,
That rings a bell as we have noticed when we do a normal who, the system returns an incorrect id. I think this may be the underlying problem. I will give it a try; may take a day or two to respond as I am maxed out here at the moment.

Mike
0
 

Author Comment

by:thebusies
ID: 11878419
Thanks to everyone for their input.

Top job Glenn ta!
0
