Context Navigation

source: server/fedora/config/etc/syslog-ng/d_zroot.pl @ 783

Last change on this file since 783 was 783, checked in by geofft, 16 years ago
Make d_zroot.pl zephyr people in the .k5login in personals
Property svn:executable set to ``*
File size: 3.5 KB

Line
1	#!/usr/bin/perl
2
3	use strict;
4	use warnings;
5	use Sys::Hostname;
6	use Time::HiRes qw(ualarm);
7	use File::Temp;
8
9	our $ZCLASS = "scripts-auto";
10	our @USERS = qw/root logview/;
11	my $k5login;
12	open $k5login, '/root/.k5login';
13	our @RECIPIENTS = map {chomp; m\|([^/@]*)\| && $1} <$k5login>;
14	close $k5login;
15
16	our %USERS;
17	@USERS{@USERS} = undef;
18
19	sub zwrite($;$$@) {
20	my ($message, $class, $instance, @recipients) = @_;
21	$class \|\|= $ZCLASS;
22	$instance \|\|= 'root.'.hostname;
23	# @recipients \|\|= @RECIPIENTS;
24	open(ZWRITE, "\|-", qw\|/usr/bin/zwrite -d -n -O log -c\|, $class, '-i', $instance, '-s', hostname, @RECIPIENTS) or die "Couldn't open zwrite";
25	print ZWRITE $message;
26	close(ZWRITE);
27	}
28
29	my %toclass;
30
31	my %sshkeys;
32
33	sub buildKeyMap($) {
34	my ($file) = @_;
35	open (KEYS, $file) or warn "Couldn't open $file: $!";
36	while (<KEYS>) {
37	chomp;
38	my ($fingerprint, $comment) = parseKey($_);
39	$sshkeys{$fingerprint} = $comment;
40	}
41	close(KEYS);
42	}
43
44	sub parseKey($) {
45	my ($key) = @_;
46	my $tmp = new File::Temp;
47	print $tmp $key;
48	close $tmp;
49	open (KEYGEN, "-\|", qw(/usr/bin/ssh-keygen -l -f), $tmp) or die "Couldn't call ssh-keygen: $!";
50	my ($line) = <KEYGEN>;
51	close(KEYGEN);
52	my (undef, $fingerprint, undef) = split(' ', $line, 3);
53	my (undef, undef, $comment) = split(' ', $key, 3);
54	print "$fingerprint $comment";
55	return ($fingerprint, $comment);
56	}
57
58	buildKeyMap("/root/.ssh/authorized_keys2");
59
60	while (1) {
61	my @message = scalar(<>);
62	eval {
63	local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required
64	ualarm(500*1000);
65	while (<>) { push @message, $_; }
66	};
67	chomp @message;
68	map { s/^(.*?): // } @message;
69	%toclass = ();
70	foreach my $message (@message) {
71	sub sendmsg ($;$) {
72	my ($message, $class) = @_;
73	$class \|\|= $ZCLASS;
74	$toclass{$class} .= $message."\n";
75	}
76	if ($message =~ m\|Accepted (\S+) for (\S+)\|) {
77	sendmsg($message) if exists $USERS{$2}
78	} elsif ($message =~ m\|Authorized to (\S+),\|) {
79	sendmsg($message) if exists $USERS{$1};
80	} elsif ($message =~ m\|Root (\S+) shell\|) {
81	sendmsg($message);
82	} elsif ($message =~ m\|session \S+ for user (\S+)\|) {
83	sendmsg($message) if exists $USERS{$1};
84	} elsif ($message =~ m\|^Found matching (\w+) key: (\S+)\|) {
85	if ($sshkeys{$2}) {
86	sendmsg($message." (".$sshkeys{$2}.")");
87	} else {
88	sendmsg($message." (UNKNOWN KEY)");
89	}
90	} elsif ($message =~ m\|^Connection closed\|) {
91	# Do nothing
92	} elsif ($message =~ m\|^Closing connection to \|) {
93	} elsif ($message =~ m\|^Connection from (\S+) port (\S+)\|) {
94	} elsif ($message =~ m\|^Invalid user\|) {
95	} elsif ($message =~ m\|^input_userauth_request: invalid user\|) {
96	} elsif ($message =~ m\|^Received disconnect from\|) {
97	} elsif ($message =~ m\|^fatal: Read from socket failed: Connection reset by peer$\|) {
98	} elsif ($message =~ m\|^reverse mapping checking getaddrinfo\|) {
99	} elsif ($message =~ m\|^pam_succeed_if\(sshd\:auth\)\:\|) {
100	} elsif ($message =~ m\|^error: PAM: Authentication failure\|) {
101	} elsif ($message =~ m\|^pam_unix\(sshd:auth\): authentication failure\|) {
102	} elsif ($message =~ m\|^Postponed keyboard-interactive for invalid user \|) {
103	} elsif ($message =~ m\|^Failed keyboard-interactive/pam for invalid user \|) {
104	} elsif ($message =~ m\|^Postponed gssapi-with-mic for \|) {
105	} elsif ($message =~ m\|^Address \S+ maps to \S+, but this does not map back to the address\|) {
106	} else {
107	sendmsg($message, "scripts-spew");
108	}
109	}
110
111	foreach my $class (keys %toclass) {
112	zwrite($toclass{$class}, $class);
113	}
114	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: