First off, I would recommend that you not sudo the whole menuing script. This requires very careful coding of your menu script and everything it calls to avoid holes in your security. You could specify that the module scripts (or anything in the correct directory, if you really trust everyone with write privs to that directory), be valid sudo commands for the users of the menu system. Ideally, you might want to move the sudo commands into the scripts themselves to ensure that no unapproved commands can be executed with root privileges.
Now, as to your question, the operating system (Unix from your post) maintains a logging file utmpx of the currently logged in users. This log includes the point of origin of the login. The Unix command to see who is logged in on a terminal, which terminal, since when and from where is who am i. It is not fooled by sudo:
$ who am i idsfa pts/11 Apr 20 15:09 (10.0.0.1) $ sudo who am i idsfa pts/11 Apr 20 15:09 (10.0.0.1)
You could use this in your logs to identify which login & IP source issued a given command. Other than running this program, you could also use User::Utmp to read the log directly, with something like:
use User::Utmp qw(:constants :utmpx); use POSIX qw(ttyname); my $tty = ttyname(); my @utmp = getutx(); my $ip = "Rogue Hacker"; foreach $entry (@utmp) { next if ($entry->{ut_type} != USER_PROCESS); next if ($entry->{ut_line} ne $tty); $ip = $entry->{ut_host}; last; }
In reply to Re: log the ip of the executor
by idsfa
in thread log the ip of the executor
by kog
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |