From aa94293c8e99fbe32a0224ea8b0538ecae4493f3 Mon Sep 17 00:00:00 2001
From: Stephen Soltesz
Date: Tue, 28 Sep 2010 18:13:12 +0000
Subject: [PATCH] log all bash-command line commands and upload them centrally
---
histlog/add_conf_files.py | 47 ++++++++++++++++++++++++++++++
histlog/collect_snoopylog_sh | 8 ++++++
histlog/histlog_snoopy_sh | 37 ++++++++++++++++++++++++++++
histlog/upload.cron.php | 11 +++++++++
4 files changed, 103 insertions(+)
create mode 100644 histlog/add_conf_files.py
create mode 100644 histlog/collect_snoopylog_sh
create mode 100644 histlog/histlog_snoopy_sh
create mode 100644 histlog/upload.cron.php
diff --git a/histlog/add_conf_files.py b/histlog/add_conf_files.py
new file mode 100644
index 0000000..2afcdd0
--- /dev/null
+++ b/histlog/add_conf_files.py
@@ -0,0 +1,47 @@
+#!/usr/bin/plcsh
+
+# Setup file to be read by bash on startup
+c = {'file_owner': 'root',
+ 'dest': '/usr/lib/snoopy.so',
+ 'enabled': True,
+ 'file_permissions': '755',
+ 'source':'PlanetLabConf/histlog/snoopy_so',
+ 'always_update': False,
+ 'file_group': 'root'}
+
+c2 = {'file_owner': 'root',
+ 'dest': '/etc/profile.d/histlog_snoopy.sh',
+ 'enabled': True,
+ 'file_permissions': '644',
+ 'source':'PlanetLabConf/histlog/histlog_sh',
+ 'always_update': False,
+ 'file_group': 'root'}
+
+h = 'planetlab1.cs.stevens-tech.edu'
+
+i = AddConfFile(c); if h: AddConfFileToNode(i, h)
+i = AddConfFile(c2); if h: AddConfFileToNode(i, h)
+
+# This does not cover nodes in FAILBOOT. The above commands should also be
+# added to BootManager so that commands taken by admins are uploaded before
+# exec.
+
+c3 = {'file_owner': 'root',
+ 'dest': '/etc/cron.d/upload_snoopylog.cron',
+ 'enabled': True,
+ 'file_permissions': '644',
+ 'source': 'PlanetLabConf/histlog/upload.cron.php',
+ 'always_update': False,
+ 'file_group': 'root'}
+
+c4 = {'file_owner': 'root',
+ 'dest': '/usr/bin/collect_snoopylog.sh',
+ 'enabled': True,
+ 'file_permissions': '750',
+ 'source': 'PlanetLabConf/histlog/collect_snoopylog_sh',
+ 'always_update': False,
+ 'file_group': 'root'}
+
+i = AddConfFile(c3); if h: AddConfFileToNode(i, h)
+i = AddConfFile(c4); if h: AddConfFileToNode(i, h)
+
diff --git a/histlog/collect_snoopylog_sh b/histlog/collect_snoopylog_sh
new file mode 100644
index 0000000..58655e0
--- /dev/null
+++ b/histlog/collect_snoopylog_sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+grep snoopy /var/log/secure > /tmp/secure.new
+# report lines unique to secure.new
+comm -1 -3 /tmp/secure.old /tmp/secure.new > /tmp/secure.log
+cp /tmp/secure.new /tmp/secure.old
+# upload log
+curl --insecure https://monitor.planet-lab.org/monitor/uploadlogs --form "dir=snoopy" --form "log=@/tmp/secure.log"
+
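Review bot: `i = AddConfFile(c); if h: AddConfFileToNode(i, h)` (and the same pattern for c2, c3 and c4) is a SyntaxError in Python, because a compound statement such as `if` cannot follow a semicolon; plcsh executes plain Python, so the whole script fails to parse before any conf file is registered. Put each call on its own line: `i = AddConfFile(c)` followed by `if h: AddConfFileToNode(i, h)`. Separately, c2's `'source':'PlanetLabConf/histlog/histlog_sh'` does not match the file this commit adds, `histlog/histlog_snoopy_sh`, unless the conf-file repository maps that name elsewhere; the other three sources match their files. A header comment stating that the script is meant to be run once through plcsh against the PLC API and pins the four files to the single node in `h` would help the next reader.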
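Review bot: `curl --insecure` turns off server-certificate verification for the upload to monitor.planet-lab.org, so the command-history log (every line an admin typed, which can include secrets passed as arguments) can be read or altered by anyone who can interpose on the connection; drop `--insecure` and, if the server uses a private CA, pass `--cacert` with that CA bundle instead. The script also keeps its state under fixed names in world-writable /tmp while running as root from cron: the files are readable by every local user, and a pre-existing file or symlink at /tmp/secure.new or /tmp/secure.log is followed by the `>` redirection. Two smaller points: /tmp/secure.old does not exist on the first run, so `comm` fails, and `comm` requires sorted input whereas /var/log/secure is chronological, so the "lines unique to secure.new" output is not reliable (`grep -Fxvf old new` works on unsorted input, at the cost of dropping repeated identical lines). A root-only state directory and a verified upload are sketched below.
```shell
#!/bin/bash
set -u
# keep state in a root-only directory rather than world-writable /tmp
STATE_DIR=/var/lib/snoopylog   # placeholder: choose a root-owned path for this project
mkdir -p -m 700 "$STATE_DIR"
touch "$STATE_DIR/secure.old"   # first run has no previous snapshot
grep snoopy /var/log/secure > "$STATE_DIR/secure.new"
# report lines unique to secure.new
comm -1 -3 "$STATE_DIR/secure.old" "$STATE_DIR/secure.new" > "$STATE_DIR/secure.log"
cp "$STATE_DIR/secure.new" "$STATE_DIR/secure.old"
# upload log with the server certificate verified (add --cacert for a private CA)
curl https://monitor.planet-lab.org/monitor/uploadlogs --form "dir=snoopy" --form "log=@$STATE_DIR/secure.log"
```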
diff --git a/histlog/histlog_snoopy_sh b/histlog/histlog_snoopy_sh
new file mode 100644
index 0000000..d1ef897
--- /dev/null
+++ b/histlog/histlog_snoopy_sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# NOTE: OMG - evidently 'read' can't be part of a pipeline if you want to export the variables
+function child_of_sshd ()
+{
+ unset pid2ppid
+ unset pid2cmd
+ while read xPID xPPID xO ; do
+
+ pid2ppid[$xPID]="$xPPID"
+ pid2cmd[$xPID]="$xO"
+
+ done < <( ps ax -opid,ppid,cmd | grep -E "sshd|bash" )
+
+ pid=$$
+ while /bin/true ; do
+ # is the working PID part of the pid2ppid mapping?
+ if echo ${!pid2ppid[@]} | grep -q $pid ; then
+ pid=${pid2ppid[$pid]}
+ else
+ break
+ fi
+ # is the working PID command sshd?
+ if echo "${pid2cmd[$pid]}" | grep -q 'sshd' ; then
+ # then success; we're a child or sshd
+ return 0
+ fi
+ done
+
+ # we are not a child of sshd
+ return 1
+}
+
+if child_of_sshd ; then
+ export LD_PRELOAD=/usr/lib/snoopy.so
+fi
+
diff --git a/histlog/upload.cron.php b/histlog/upload.cron.php
new file mode 100644
index 0000000..989b795
--- /dev/null
+++ b/histlog/upload.cron.php
@@ -0,0 +1,11 @@
+
--
2.43.0
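Review bot: `if echo ${!pid2ppid[@]} | grep -q $pid` is a substring test over the space-joined list of PIDs, so PID 12 matches an entry 1234 and the loop then assigns `pid=${pid2ppid[$pid]}` for a key that is not actually present, which as far as I can tell leaves `pid` empty and makes the next `grep -q` run with no pattern so the loop only exits by accident; the `grep -q 'sshd'` on the command line is a substring match too. Use bash's own membership check, `if [[ -n "${pid2ppid[$pid]+set}" ]] ; then`, and match the command with `grep -qw sshd` or a `[[ ... == sshd* ]]` test on its first word. A one-line header would also help, e.g. `# child_of_sshd: walk PPIDs from this shell upward; returns 0 if some ancestor's command line contains sshd.` Since this is a profile.d snippet, the preload only reaches shells that source it and can be unset by the shell's owner, which is worth stating next to the `export LD_PRELOAD` line so nobody treats the resulting log as tamper-evident.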