Commit | Line | Data |
378cc40b |
1 | #!/usr/bin/perl -P |
2 | |
fe14fcc3 |
3 | # $Header: scan_sudo,v 4.0 91/03/20 01:13:44 lwall Locked $ |
378cc40b |
4 | |
5 | # Analyze the sudo log. |
6 | |
a687059c |
7 | chdir('/usr/adm/private/memories') || die "Can't cd to memories: $!\n"; |
378cc40b |
8 | |
9 | if (open(Oldsudo,'oldsudo')) { |
10 | $maxpos = <Oldsudo>; |
11 | close Oldsudo; |
12 | } |
13 | else { |
14 | $maxpos = 0; |
15 | `echo 0 >oldsudo`; |
16 | } |
17 | |
18 | unless (open(Sudo, '/usr/adm/sudo.log')) { |
19 | print "Somebody removed sudo.log!!!\n" if $maxpos; |
20 | exit 0; |
21 | } |
22 | |
23 | ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime, |
24 | $blksize,$blocks) = stat(Sudo); |
25 | |
26 | if ($size < $maxpos) { |
27 | $maxpos = 0; |
28 | print "Somebody reset sudo.log!!!\n"; |
29 | } |
30 | |
31 | seek(Sudo,$maxpos,0); |
32 | |
33 | while (<Sudo>) { |
34 | s/^.* :[ \t]+//; |
35 | s/ipcrm.*/ipcrm/; |
36 | s/kill.*/kill/; |
37 | unless ($seen{$_}++) { |
38 | push(@seen,$_); |
39 | } |
40 | $last = $_; |
41 | } |
42 | $max = tell(Sudo); |
43 | |
a687059c |
44 | open(tmp,'|sort >oldsudo.tmp') || die "Can't create tmp file: $!\n"; |
378cc40b |
45 | while ($_ = pop(@seen)) { |
46 | print tmp $_; |
47 | } |
48 | close(tmp); |
a687059c |
49 | open(tmp,'oldsudo.tmp') || die "Can't reopen tmp file: $!\n"; |
378cc40b |
50 | while (<tmp>) { |
51 | print $seen{$_},":\t",$_; |
52 | } |
53 | |
54 | print `(rm -f oldsudo.tmp; echo $max > oldsudo) 2>&1`; |