Solved

How to trap who is running a script and log it?

Posted on 2011-02-14
Last Modified: 2012-05-11
Hello,

I have a script that can be executed by processes or users on our AIX box. The script contains the following:

#!/bin/sh
DLC=${DLC-/usr1/dlc};export DLC
PROSHUT=${PROSHUT-$DLC/bin/_mprshut}
trap "" 13
exec $PROSHUT "$@"

How can I edit the above code so that it traps which process or user is running the script and log it to a file? Would there be something I can add to the code in the original file?

Thanks.
0
Question by:mirde
8 Comments
 

Expert Comment

by:omarfarid
ID: 34889969
You can add a line at the beginning of the script:

whoami >> /path/to/logfile

The file logfile should be writable by all users.
0
 

Expert Comment

by:ltost
ID: 34890000
Sure, just put something like this into it:
echo `date`  `whoami` >> /tmp/spy.out

That will log the user with a timestamp to the file /tmp/spy.out
0
 

Accepted Solution

by:woolmilkporc
ID: 34890200
Hi,

The drawback of the above solutions is that the logfile must be writeable by all users, so all users can manipulate it.

I'd suggest using syslog.

Add a line to /etc/syslog.conf like:

local3.info /var/adm/local3.log

Then issue:

touch  /var/adm/local3.log
and
refresh -s syslogd

Now add to your script:

logger -t "$0" -p local3.info "Run by user $(whoami) with PID $$ on $(hostname)"

Take care that your script itself is not writeable by anybody but root.

wmp

0
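The syslog approach from the accepted answer, written out as helper functions for the wrapper script (an added example, not code from the thread). It also records the login name and the parent process, which the thread does not cover; the function names, the use of `uname -n` for the host name and the assumption that `ps -o args= -p` works on AIX are mine.

```shell
#!/bin/sh
# Added example (not from the thread): audit helpers for the wrapper script.
# Assumes the local3.info rule from the accepted answer is in /etc/syslog.conf.

# Strip control characters so a crafted process name cannot forge log lines.
sanitize() {
    printf '%s' "$1" | tr -d '[:cntrl:]'
}

# Build one audit line: effective user, login user, own PID, parent PID/command.
audit_message() {
    euser=$(id -un)
    # logname reports the login name, which differs from id -un after su.
    luser=$(logname 2>/dev/null) || luser=unknown
    # Parent command line; POSIX ps syntax (assumed to behave the same on AIX).
    pcmd=$(ps -o args= -p "$PPID" 2>/dev/null) || pcmd=unknown
    [ -n "$pcmd" ] || pcmd=unknown
    printf 'user=%s login=%s pid=%s ppid=%s parent=%s host=%s\n' \
        "$euser" "$luser" "$$" "$PPID" "$(sanitize "$pcmd")" "$(uname -n)"
}

# Return 0 only if the file exists and has no group or other write bit set.
script_is_tamper_safe() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    case $perms in
        ?????w*|????????w*) return 1 ;;   # char 6 = group w, char 9 = other w
    esac
    return 0
}

# Send the audit line to syslog and flag a wrapper that others can modify.
log_invocation() {
    logger -t "$0" -p local3.info "$(audit_message)"
    script_is_tamper_safe "$0" ||
        logger -t "$0" -p local3.info "WARNING: $0 is group/other writable"
}

# In the wrapper from the question, call log_invocation on the line
# before: exec $PROSHUT "$@"
```
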
 

Expert Comment

by:arnold
ID: 34891889
There are many options.
Is this an SUID script?
0

Expert Comment

by:woolmilkporc
ID: 34892000
AIX does not support SUID scripts.
0
 

Expert Comment

by:Tintin
ID: 34894391
There are almost no *nix versions that support SUID scripts.

woolmilkporc's solution is the best as you can restrict the permissions on the log file.
0
 

Expert Comment

by:arnold
ID: 34897027
You could have each user append data to a <username> named file and have a process that monitors this directory that would take the data and add it into a file that the users/processes have no access to.
0
 

Author Closing Comment

by:mirde
ID: 34967106
Worked like a charm.
0
