[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [hobbit] need help checking a file status



Well, among other things - the file that went missing was a crontab . . .

I've built a small perl script to get the data and dump it out to the client data stream; hobbit runs it via sudo. I'm also looking at logfetch.c, the hobbit program that does the process. I can see Henrik has thought about this, because the code to get and drop root permissions is present - bracketed by ifdefs for 'BIG_SECURITY_HOLE'.

I need to satisfy myself about the logfetch code, and then I think a recompile may be in order.

(Complicating the issue, AIX does not have a 'stat' command, and the 'istat' command does not give similar output).

Tom

-----Original Message-----
From: Rolf Schrittenlocher [mailto:schritte (at) hebis.uni-frankfurt.de]
Sent: Friday, September 12, 2008 1:47 AM
To: hobbit (at) hswn.dk
Subject: Re: [hobbit] need help checking a file status

Hi Tom,

what about a cronjob copying the file every minute and changing the
rights of the copy? Then you may monitor the copy.

Rolf
>
> We had an 'event' earlier in the week where a file ended as
> zero-length, so I want to monitor it with hobbit.
>
> Unfortunately, it is mode 600 owned by root, in a directory mode 600
> owned by root.
>
> I'd like to report this under the 'files' column, but I'd rather not
> do logfetch as suid rot.
>
> Has anyone had luck using the file:command interface to use sudo?
>
> Any other suggestions?
>
> TIA
>
> Tom Kauffman
>


--
Mit freundlichen Gruessen
Rolf Schrittenlocher

Bitte beachten Sie die neue Emailadresse!

HeBIS-IT, Senckenberganlage 31, 60054 Frankfurt
Tel: (49) 69 - 798 28908   Fax: (49) 69 798 28817
LBS: lbs-f (at) mlist.uni-frankfurt.de
Persoenlich: schritte (at) hebis.uni-frankfurt.de


To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk