55 lines
1.1 KiB
Perl
55 lines
1.1 KiB
Perl
#!/usr/bin/perl -P
|
|
|
|
# $RCSfile: scan_sudo,v $$Revision: 4.1 $$Date: 92/08/07 17:20:42 $
|
|
|
|
# Analyze the sudo log.
|
|
|
|
chdir('/usr/adm/private/memories') || die "Can't cd to memories: $!\n";
|
|
|
|
if (open(Oldsudo,'oldsudo')) {
|
|
$maxpos = <Oldsudo>;
|
|
close Oldsudo;
|
|
}
|
|
else {
|
|
$maxpos = 0;
|
|
`echo 0 >oldsudo`;
|
|
}
|
|
|
|
unless (open(Sudo, '/usr/adm/sudo.log')) {
|
|
print "Somebody removed sudo.log!!!\n" if $maxpos;
|
|
exit 0;
|
|
}
|
|
|
|
($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
|
|
$blksize,$blocks) = stat(Sudo);
|
|
|
|
if ($size < $maxpos) {
|
|
$maxpos = 0;
|
|
print "Somebody reset sudo.log!!!\n";
|
|
}
|
|
|
|
seek(Sudo,$maxpos,0);
|
|
|
|
while (<Sudo>) {
|
|
s/^.* :[ \t]+//;
|
|
s/ipcrm.*/ipcrm/;
|
|
s/kill.*/kill/;
|
|
unless ($seen{$_}++) {
|
|
push(@seen,$_);
|
|
}
|
|
$last = $_;
|
|
}
|
|
$max = tell(Sudo);
|
|
|
|
open(tmp,'|sort >oldsudo.tmp') || die "Can't create tmp file: $!\n";
|
|
while ($_ = pop(@seen)) {
|
|
print tmp $_;
|
|
}
|
|
close(tmp);
|
|
open(tmp,'oldsudo.tmp') || die "Can't reopen tmp file: $!\n";
|
|
while (<tmp>) {
|
|
print $seen{$_},":\t",$_;
|
|
}
|
|
|
|
print `(rm -f oldsudo.tmp; echo $max > oldsudo) 2>&1`;
|