Solved

How to trap who is running a script and log it?

Posted on 2011-02-14
Last Modified: 2012-05-11
Hello,

I have a script that can be executed by processes or users on our AIX box, the script contains the following:

#!/bin/sh
DLC=${DLC-/usr1/dlc};export DLC
PROSHUT=${PROSHUT-$DLC/bin/_mprshut}
trap "" 13
exec $PROSHUT "$@"

How can I edit the above code so that it traps which process or user is running the script and log it to a file? Would there be something I can add to the code in the original file?

Thanks.
Question by:mirde
8 Comments
 

Expert Comment

by:omarfarid
ID: 34889969
You can add a line at the beginning of the script:

whoami >> /path/to/logfile

The file logfile should be writable by all users.

Expert Comment

by:ltost
ID: 34890000
Sure, just put something like this into it:
echo `date`  `whoami` >> /tmp/spy.out

That will log the user with a timestamp to the file /tmp/spy.out.

Accepted Solution

by:
woolmilkporc earned 250 total points
ID: 34890200
Hi,

The drawback of the above solutions is that the logfile must be writeable by all users, so all users can manipulate it.

I'd suggest using syslog.

Add a line to /etc/syslog.conf like:

local3.info /var/adm/local3.log

Then issue:

touch  /var/adm/local3.log
and
refresh -s syslogd

Now add to your script:

logger -t "$0" -p local3.info "Run by user $(whoami) with PID $$ on $(hostname)"

Take care that your script itself is not writeable by anybody but root.

wmp
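
An added example, not part of any poster's answer: the original wrapper with the syslog logging from the accepted solution folded in. It goes beyond the one-line logger call by also recording the login name and parent process and by stripping control characters from logged values; the function names clean, audit_message and log_invocation are hypothetical, and local3.info assumes the /etc/syslog.conf entry above.

```sh
#!/bin/sh
# Added example: the question's wrapper plus syslog audit logging.
DLC=${DLC-/usr1/dlc}; export DLC
PROSHUT=${PROSHUT-$DLC/bin/_mprshut}
FACILITY=local3.info    # must match the selector added to /etc/syslog.conf

# Strip control characters so a crafted value cannot forge extra log lines.
clean() {
    printf '%s' "$1" | tr -d '\000-\037\177'
}

# Build the audit line from explicit fields (separate so it can be tested).
# Arguments: effective user, login user, PID, parent PID, parent command, host.
audit_message() {
    printf 'Run by user %s (login %s) with PID %s, parent %s (%s) on %s' \
        "$(clean "$1")" "$(clean "$2")" "$3" "$4" "$(clean "$5")" "$(clean "$6")"
}

# Collect the fields for this invocation and send them to syslog.
log_invocation() {
    # logname fails when there is no controlling terminal (for example cron).
    login=$(logname 2>/dev/null) || login=unknown
    # Name of the calling process, which answers "which process ran this".
    parent=$(ps -o comm= -p "$PPID" 2>/dev/null) || parent=unknown
    logger -t "$0" -p "$FACILITY" \
        "$(audit_message "$(whoami)" "$login" "$$" "$PPID" "$parent" "$(hostname)")"
}

# Log first, then hand over to the real binary exactly as the original did.
if [ -x "$PROSHUT" ]; then
    log_invocation
    trap "" 13
    exec "$PROSHUT" "$@"
fi
# Reached only when the binary is missing, because exec does not return.
echo "$0: $PROSHUT is not executable" >&2
```

Because the log is written by syslogd, /var/adm/local3.log can stay writable by root only, which is the point of the accepted solution.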


Expert Comment

by:arnold
ID: 34891889
There are many options.
Is this an SUID script?

Expert Comment

by:woolmilkporc
ID: 34892000
AIX does not support SUID scripts.

Expert Comment

by:Tintin
ID: 34894391
There are almost no *nix versions that support SUID scripts.

woolmilkporc's solution is the best as you can restrict the permissions on the log file.

Expert Comment

by:arnold
ID: 34897027
You could have each user append data to a <username> named file and have a process that monitors this directory that would take the data and add it into a file that the users/processes have no access to.

Author Closing Comment

by:mirde
ID: 34967106
Worked like a charm.