[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Sample of Hobbit server-side module (was: Who Test)

To: hobbit (at) hswn.dk
Subject: Sample of Hobbit server-side module (was: Who Test)
From: Henrik Stoerner <henrik (at) hswn.dk>
Date: Sun, 28 Jan 2007 13:47:49 +0100
References: <000601c741a4$f208e660$4902010a@rac.raccorp.corp> <20070127082912.GA32681@hswn.dk>
User-agent: Mutt/1.5.12-2006-07-14

On Sat, Jan 27, 2007 at 09:29:12AM +0100, Henrik Stoerner wrote:
> On Fri, Jan 26, 2007 at 05:51:49PM -0600, Richard Leon wrote:
> > I have noticed that the client collects all of the data and then the server
> > "tests" the condition.
> > 
> > How would I go about writing a who script that would tell me when someone is
> > logged in as root?
>
> For someone familiar with Perl, I think it should be fairly straight-forward.

I'm not familiar with Perl at all, but a couple of hours work produced
this, which appears to work fine. I'll include it as a sample of how to
hook into the Hobbit server-side channels.

To use it, put it in your ~hobbit/server/ext/ directory, and add this to
your hobbitlaunch.cfg on your server:

[rootlogin]
	ENVFILE /usr/lib/hobbit/server/etc/hobbitserver.cfg
	NEEDS hobbitd
	CMD hobbitd_channel --channel=client --log=$BBSERVERLOGS/rootlogin.log $BBHOME/ext/rootlogin.pl

Regards,
Henrik

#!/usr/bin/perl -w

#*----------------------------------------------------------------------------*/
#* Hobbit client message processor.                                           */
#*                                                                            */
#* This perl program shows how to create a server-side module using the       */
#* data sent by the Hobbit clients. This program is fed data from the         */
#* Hobbit "client" channel via the hobbitd_channel program; each client       */
#* message is processed by looking at the [who] section and generates         */
#* a "login" status that goes red when an active "root" login is found.       */
#*                                                                            */
#* Written 2007-Jan-28 by Henrik Storner <henrik (at) hswn.dk>                     */
#*                                                                            */
#* This program is in the public domain, and may be used freely for           */
#* creating your own Hobbit server-side modules.                              */
#*                                                                            */
#*----------------------------------------------------------------------------*/

# $Id: rootlogin.pl,v 1.1 2007/01/28 12:42:34 henrik Exp $


my $bb;
my $bbdisp;
my $hobbitcolumn = "login";

my $hostname = "";
my $msgtxt = "";
my %sections = ();
my $cursection = "";

sub processmessage;


# Get the BB and BBDISP environment settings.
$bb = $ENV{"BB"} || die "BB not defined";
$bbdisp = $ENV{"BBDISP"} || die "BBDISP not defined";


# Main routine. 
#
# This reads client messages from <STDIN>, looking for the
# delimiters that separate each message, and also looking for the
# section markers that delimit each part of the client message.
# When a message is complete, the processmessage() subroutine
# is invoked. $msgtxt contains the complete message, and the
# %sections hash contains the individual sections of the client 
# message.

while ($line = <STDIN>) {
	if ($line =~ /^\ (at) \@client\#/) {
		# It's the start of a new client message - the header looks like this:
		# @@client#830759/HOSTNAME|1169985951.340108|10.60.65.152|HOSTNAME|sunos|sunos

		# Grab the hostname field from the header
		@hdrfields = split(/\|/, $line);
		$hostname = $hdrfields[3];

		# Clear the variables we use to store the message in
		$msgtxt = "";
		%sections = ();
	}
	elsif ($line =~ /^\ (at) \@/) {
		# End of a message. Do something with it.
		processmessage();
	}
	elsif ($line =~ /^\[(.+)\]/) {
		# Start of new message section.

		$cursection = $1;
		$sections{ $cursection } = "";
	}
	else {
		# Add another line to the entire message text variable,
		# and the the current section.
		$msgtxt = $msgtxt . $line;
		$sections{ $cursection } = $sections{ $cursection } . $line;
	}
}


# This subroutine processes the client message. In this case,
# we watch the [who] section of the client message and alert
# if there is a root login active.

sub processmessage {
	my $color;
	my $summary;
	my $statusmsg;
	my $cmd;

	# Dont do anything unless we have the "who" section
	return unless ( $sections{"who"} );

	# Is there a "root" login somewhere in the "who" section?
	# Note that we must match with /m because there are multiple
	# lines in the [who] section.
	if ( $sections{"who"} =~ /^root /m ) {
		$color = "red";
		$summary = "ROOT login active";
		$statusmsg = "&red ROOT login detected!\n\n" . $sections{"who"};
	}
	else {
		$color = "green";
		$summary = "OK";
		$statusmsg = "&green No root login active\n\n" . $sections{"who"};
	}

	# Build the command we use to send a status to the Hobbit daemon
	$cmd = $bb . " " . $bbdisp . " \"status " . $hostname . "." . $hobbitcolumn . " " . $color . " " . $summary . "\n\n" . $statusmsg . "\"";

	# And send the message
	system $cmd;
}

Follow-Ups:
- RE: [hobbit] Sample of Hobbit server-side module (was: Who Test)
  - From: Richard Leon
- Re: [hobbit] Sample of Hobbit server-side module
  - From: Gildas Le Nadan
- Re: [hobbit] Sample of Hobbit server-side module (was: Who Test)
  - From: Jerry Yu

References:
- Who Test
  - From: Richard Leon
- Re: [hobbit] Who Test
  - From: Henrik Stoerner

Prev by Date: Hobbit client and large networks
Next by Date: Re: [hobbit] Sample of Hobbit server-side module (was: Who Test)
Previous by thread: Re: [hobbit] Who Test
Next by thread: Re: [hobbit] Sample of Hobbit server-side module (was: Who Test)
Index(es):
- Date
- Thread