Context Navigation

d_zroot.pl @ 2233

Last change on this file since 2233 was 2096, checked in by geofft, 14 years ago
d_zroot: Merge r2093 and r2094 into Debian copy
File size: 4.9 KB

Rev	Line
[1969]	1	#!/usr/bin/perl
	2
	3	use strict;
	4	use warnings;
	5	use Sys::Hostname;
	6	use Time::HiRes qw(ualarm);
	7	use File::Temp;
	8
	9	our $ZCLASS = "scripts-auto";
	10	our @USERS = qw/root logview/;
	11	my $k5login;
	12	open $k5login, '/root/.k5login';
	13	our @RECIPIENTS = map {chomp; m\|([^/@]*)\| && $1} <$k5login>;
	14	close $k5login;
	15
	16	our %USERS;
	17	@USERS{@USERS} = undef;
	18
[2096]	19	sub zwrite($;$$\@) {
	20	my ($message, $class, $instance, $recipref) = @_;
	21	my @recipients = ();
	22	if (defined($recipref)) {
	23	if (@$recipref) {
	24	@recipients = @$recipref;
	25	} else {
	26	$message = '@b(Empty recipient list specified, message redacted)';
	27	$class = $ZCLASS;
	28	}
	29	}
[1969]	30	$class \|\|= $ZCLASS;
	31	$instance \|\|= 'root.'.hostname;
	32	open(ZWRITE, "\|-", qw\|/usr/bin/zwrite -d -n -O log -c\|, $class, '-i', $instance, '-s', hostname, @recipients) or die "Couldn't open zwrite";
	33	print ZWRITE $message;
	34	close(ZWRITE);
	35	}
	36
[2096]	37	unless (@RECIPIENTS) {
	38	# Also give a warning at startup
	39	zwrite('@b(No .k5login found, sensitive logs will not be zephyred)', $ZCLASS);
	40	}
	41
[1969]	42	my %toclass;
	43
	44	my %sshkeys;
	45
	46	sub buildKeyMap($) {
	47	my ($file) = @_;
	48	open (KEYS, $file) or (warn "Couldn't open $file: $!\n" and return);
	49	while (<KEYS>) {
	50	chomp;
	51	my ($fingerprint, $comment) = parseKey($_);
	52	$sshkeys{$fingerprint} = $comment;
	53	}
	54	close(KEYS);
	55	}
	56
	57	sub parseKey($) {
	58	my ($key) = @_;
	59	my $tmp = new File::Temp;
	60	print $tmp $key;
	61	close $tmp;
	62	open (KEYGEN, "-\|", qw(/usr/bin/ssh-keygen -l -f), $tmp) or die "Couldn't call ssh-keygen: $!";
	63	my ($line) = <KEYGEN>;
	64	close(KEYGEN);
	65	my (undef, $fingerprint, undef) = split(' ', $line, 3);
	66	my (undef, undef, $comment) = split(' ', $key, 3);
	67	#print "$fingerprint $comment";
	68	return ($fingerprint, $comment);
	69	}
	70
	71	buildKeyMap("/root/.ssh/authorized_keys");
	72	buildKeyMap("/root/.ssh/authorized_keys2");
	73
	74	my @message;
	75
	76	while (my $line = <>) {
	77	@message = $line;
	78	eval {
	79	local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required
	80	ualarm(500*1000);
	81	while (<>) { push @message, $_; }
	82	};
	83	chomp @message;
	84	map { s/^(.*?): // } @message;
	85	%toclass = ();
	86	foreach my $message (@message) {
	87	sub sendmsg ($;$) {
	88	my ($message, $class) = @_;
	89	$class \|\|= $ZCLASS;
	90	$toclass{$class} .= $message."\n";
	91	}
	92	if ($message =~ m\|Accepted (\S+) for (\S+)\|) {
	93	sendmsg($message) if exists $USERS{$2}
	94	} elsif ($message =~ m\|Authorized to (\S+),\|) {
	95	sendmsg($message) if exists $USERS{$1};
	96	} elsif ($message =~ m\|Root (\S+) shell\|) {
	97	sendmsg($message);
	98	} elsif ($message =~ m\|pam_unix$([^:]+):session$: session \S+ for user (\S+)\|) {
	99	sendmsg($message) if $1 ne "cron" and exists $USERS{$2};
	100	} elsif ($message =~ m\|^Found matching (\w+) key: (\S+)\|) {
	101	if ($sshkeys{$2}) {
	102	sendmsg($message." (".$sshkeys{$2}.")");
	103	} else {
	104	sendmsg($message." (UNKNOWN KEY)");
	105	}
	106	} elsif ($message =~ m\|^Out of memory:\|) {
	107	sendmsg($message);
	108	} elsif ($message =~ m\|^giving \S+ admin rights\|) {
	109	sendmsg($message);
	110	} elsif ($message =~ m\|^Connection closed\|) {
	111	# Do nothing
	112	} elsif ($message =~ m\|^Closing connection to \|) {
	113	} elsif ($message =~ m\|^Connection from (\S+) port (\S+)\|) {
	114	} elsif ($message =~ m\|^Invalid user\|) {
	115	} elsif ($message =~ m\|^input_userauth_request: invalid user\|) {
	116	} elsif ($message =~ m\|^Received disconnect from\|) {
	117	} elsif ($message =~ m\|^Postponed keyboard-interactive\|) {
	118	} elsif ($message =~ m\|^Failed keyboard-interactive/pam\|) {
	119	} elsif ($message =~ m\|^fatal: Read from socket failed: Connection reset by peer$\|) {
	120	} elsif ($message =~ m\|^reverse mapping checking getaddrinfo\|) {
	121	} elsif ($message =~ m\|^pam_succeed_if$sshd\:auth$\:\|) {
	122	} elsif ($message =~ m\|^error: PAM: Authentication failure\|) {
	123	} elsif ($message =~ m\|^pam_unix$sshd:auth$: authentication failure\|) {
	124	} elsif ($message =~ m\|^pam_unix$sshd:auth$: check pass; user unknown\|) {
	125	} elsif ($message =~ m\|^Postponed keyboard-interactive for invalid user \|) {
	126	} elsif ($message =~ m\|^Failed keyboard-interactive/pam for invalid user \|) {
	127	} elsif ($message =~ m\|^Postponed gssapi-with-mic for \|) {
	128	} elsif ($message =~ m\|^Address \S+ maps to \S+, but this does not map back to the address\|) {
	129	} elsif ($message =~ m\|^Nasty PTR record .* is set up for .*, ignoring\|) {
	130	} elsif ($message =~ m\|^User child is on pid \d+$\|) {
	131	} elsif ($message =~ m\|^Transferred: sent \d+, received \d+ bytes$\|) {
	132	} elsif ($message =~ m\|^Setting tty modes failed: Invalid argument$\|) {
	133	} elsif ($message =~ m\|^ nrpe . COMMAND=/etc/nagios/check_ldap_mmr.real$\|) {
	134	} elsif ($message =~ m\|^ *root : TTY=\|) {
	135	} elsif ($message =~ m\|^Set /proc/self/oom_adj to \|) {
[2095]	136	} elsif ($message =~ m\|^fatal: mm_request_receive: read: Connection reset by peer$\|) {
[1969]	137	} else {
	138	sendmsg($message, "scripts-spew");
	139	}
	140	}
	141
	142	foreach my $class (keys %toclass) {
[2096]	143	if ($class eq $ZCLASS) {
[1969]	144	zwrite($toclass{$class}, $class);
	145	} else {
	146	zwrite($toclass{$class}, $class, undef, @RECIPIENTS);
	147	}
	148	}
	149	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/host/debian/scripts-syslog-ng-config/d_zroot.pl @ 2233

Download in other formats: