|
前几日看到bsd下的watch命令,可以用他监控用户的操作记录,感觉非常棒,突发灵感,也闲的无聊,准备利用他监控系统用户什么登陆,登陆后都做了什么,
设想如下:
1,自动监测用户,发现有新用户进来,获取他的tty ,开启watch 去监控
2.用户退出时,监控停止,监控的数据插入数据库
3,通过前台页面,调用watch的监控记录
一,监控端服务器脚本- #!/usr/bin/perl
- system "killall -9 watch";
- open (AA,">/usr/zzxia/log");
- @ttl="";
- AAA:
- @wda=`who`;
- for ($i=0;$i<@wda;$i++) {
- chomp ($wda[$i]);
- @str=split(/\s+/,$wda[$i]);
- $datestr=`date '+%Y-%m-%d %T'`;
- system "echo 'use userlog;' > /usr/zzxia/$str[1].log1";
- system qq ~ echo "INSERT INTO userip6 VALUES('$str[0]','$str[5]','$str[2]-$str[3]-$str[4]','$datestr','">> /usr/zzxia/$str[1].log1~;
- chomp ($stty=$str[1]);
- print AA "who value $stty\n";
- @watchs1=`ps -ax | grep watch | grep -v grep `;
- $tta=0;
- for ($j=0;$j<@watchs1;$j++){
- chomp ($watchs1[$j]);
- @watchs=split(/\s+/,$watchs1[$j]);
- chomp ($ws=$watchs[5]);
- print AA "watch is $ws\n";
- if ($stty eq $ws) {
- $tta=1;
- }
- }
- if ( $tta==0 ) {
- system "/usr/sbin/watch $stty >/usr/zzxia/$stty.log2& ";
- $ppid1=`ps -ax | grep $stty | grep -v sshd |grep -v grep `;
- @ppid2=split (/\s+/,$ppid1);
- chomp ($ppid=$ppid2[0]);
- if ($ppid){
- print AA "ppid is $ppid \n";
- push (@ttl,"$stty,$ppid");
- }
- }
- }
-
- @ttl2="";
- print AA "ttl is @ttl\n";
- for ($l=1;$l<@ttl;$l++) {
- @ttls=split(/,/,$ttl[$l]);
- chomp ($kpid=$ttls[1]);
- chomp ($ktty=$ttls[0]);
- $sp=`ps -aux |grep $kpid |grep -v grep`;
- if ( !$sp)
- {
- system "cat /usr/zzxia/$ktty.log1 /usr/zzxia/$ktty.log2>/usr/zzxia/$ktty.log3 ";
- system qq~echo "');">>/usr/zzxia/$ktty.log3~;
- system "rm /usr/zzxia/$ktty.log1 /usr/zzxia/$ktty.log2 ";
- print AA "mysql -h 192.168.0.1 -utest -ptest </usr/zzxia/$ktty.log3\n";
- `mysql -h 192.168.0.1 -utest -ptest </usr/zzxia/$ktty.log3`;
- system "rm /usr/zzxia/$ktty.log3";
- }else {
- push (@ttl2,"$ktty,$kpid");
- }
- }
- @ttl=@ttl2;
- sleep(3);
- goto AAA;
复制代码 动行脚本checklogin.pl & 以后台的方式 运行,运行后会在/usr/zzxia/目录下生成以tty开头的临时份件,程序运行状态可查看log文件,
转载出处! http://bbs.linuxtone.org/thread-261-1-1.html |
|