[Xymon] possible to test against "who"?
Root, Paul T
Paul.Root at CenturyLink.com
Thu Nov 9 20:08:23 CET 2017
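You'd need a custom script for it. Pretty simple:

    use strict;
    use warnings;

    chomp(my $HOST = `hostname`);
    $HOST =~ s/\./,/g;          # Xymon expects commas in place of dots in the host name
    my $TEST  = 'who';
    my $COLOR = 'green';
    my $StatusTimeout = 30;     # status lifetime in minutes (assumed value, adjust as needed)
    my @users  = `who`;
    my @output = ("Who Test\n");
    foreach my $user (@users) {
        my @user = split(' ', $user);
        if ($user[0] eq 'root') {
            $COLOR = 'red';     # or yellow, whatever
            # do other stuff for formatting
            push(@output, "&red ");   # built-in icon
        }
        push(@output, $user);
    }
    # List-form system() bypasses the shell, so the who output is passed as data only
    my $msg = "status+$StatusTimeout $HOST.$TEST $COLOR " . join('', @output);
    if (system($ENV{XYMON}, $ENV{XYMSRV}, $msg) != 0) {
        print "$0: WARNING Can not run $ENV{XYMON} $ENV{XYMSRV}\n";
    }
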
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Rothlisberger, John R.
Sent: Thursday, November 09, 2017 10:23 AM
To: 'xymon >> xymon at xymon.com'
Subject: [Xymon] possible to test against "who"?
Is anyone doing any tests against the "who" test?
I would possibly like to alert if root (linux) or administrator (windows) is logged into a server.
I have never seen this done before nor do I find anything in the docs for analysis.cfg. With today's heightened security awareness this may be something others would be interested in also.
Thanks,
John