Context Navigation

source: trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl @ 2066

Last change on this file since 2066 was 2066, checked in by achernya, 12 years ago
Merge branches/fc15-dev to trunk
Property svn:executable set to ``*
File size: 4.5 KB

Rev	Line
[645]	1	#!/usr/bin/perl
	2
	3	use strict;
	4	use warnings;
	5	use Sys::Hostname;
[666]	6	use Time::HiRes qw(ualarm);
[770]	7	use File::Temp;
[645]	8
[666]	9	our $ZCLASS = "scripts-auto";
	10	our @USERS = qw/root logview/;
[783]	11	my $k5login;
	12	open $k5login, '/root/.k5login';
	13	our @RECIPIENTS = map {chomp; m\|([^/@]*)\| && $1} <$k5login>;
	14	close $k5login;
[666]	15
	16	our %USERS;
	17	@USERS{@USERS} = undef;
	18
[783]	19	sub zwrite($;$$@) {
	20	my ($message, $class, $instance, @recipients) = @_;
[666]	21	$class \|\|= $ZCLASS;
[665]	22	$instance \|\|= 'root.'.hostname;
[784]	23	open(ZWRITE, "\|-", qw\|/usr/bin/zwrite -d -n -O log -c\|, $class, '-i', $instance, '-s', hostname, @recipients) or die "Couldn't open zwrite";
[645]	24	print ZWRITE $message;
	25	close(ZWRITE);
	26	}
	27
[666]	28	my %toclass;
[645]	29
[770]	30	my %sshkeys;
	31
	32	sub buildKeyMap($) {
	33	my ($file) = @_;
[2066]	34	open (KEYS, $file) or (warn "Couldn't open $file: $!\n" and return);
[770]	35	while (<KEYS>) {
	36	chomp;
	37	my ($fingerprint, $comment) = parseKey($_);
	38	$sshkeys{$fingerprint} = $comment;
	39	}
	40	close(KEYS);
	41	}
	42
	43	sub parseKey($) {
	44	my ($key) = @_;
	45	my $tmp = new File::Temp;
	46	print $tmp $key;
	47	close $tmp;
	48	open (KEYGEN, "-\|", qw(/usr/bin/ssh-keygen -l -f), $tmp) or die "Couldn't call ssh-keygen: $!";
	49	my ($line) = <KEYGEN>;
	50	close(KEYGEN);
	51	my (undef, $fingerprint, undef) = split(' ', $line, 3);
	52	my (undef, undef, $comment) = split(' ', $key, 3);
[784]	53	#print "$fingerprint $comment";
[770]	54	return ($fingerprint, $comment);
	55	}
	56
[938]	57	buildKeyMap("/root/.ssh/authorized_keys");
[770]	58	buildKeyMap("/root/.ssh/authorized_keys2");
	59
[2066]	60	my @message;
	61
	62	while (my $line = <>) {
	63	@message = $line;
[666]	64	eval {
	65	local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required
	66	ualarm(500*1000);
	67	while (<>) { push @message, $_; }
	68	};
	69	chomp @message;
	70	map { s/^(.*?): // } @message;
	71	%toclass = ();
	72	foreach my $message (@message) {
	73	sub sendmsg ($;$) {
	74	my ($message, $class) = @_;
	75	$class \|\|= $ZCLASS;
	76	$toclass{$class} .= $message."\n";
[645]	77	}
[666]	78	if ($message =~ m\|Accepted (\S+) for (\S+)\|) {
	79	sendmsg($message) if exists $USERS{$2}
	80	} elsif ($message =~ m\|Authorized to (\S+),\|) {
	81	sendmsg($message) if exists $USERS{$1};
	82	} elsif ($message =~ m\|Root (\S+) shell\|) {
	83	sendmsg($message);
[2066]	84	} elsif ($message =~ m\|pam_unix\(([^:]+):session\): session \S+ for user (\S+)\|) {
	85	sendmsg($message) if $1 ne "cron" and exists $USERS{$2};
[770]	86	} elsif ($message =~ m\|^Found matching (\w+) key: (\S+)\|) {
	87	if ($sshkeys{$2}) {
	88	sendmsg($message." (".$sshkeys{$2}.")");
	89	} else {
	90	sendmsg($message." (UNKNOWN KEY)");
	91	}
[817]	92	} elsif ($message =~ m\|^Out of memory:\|) {
	93	sendmsg($message);
[883]	94	} elsif ($message =~ m\|^giving \S+ admin rights\|) {
	95	sendmsg($message);
[666]	96	} elsif ($message =~ m\|^Connection closed\|) {
	97	# Do nothing
[770]	98	} elsif ($message =~ m\|^Closing connection to \|) {
	99	} elsif ($message =~ m\|^Connection from (\S+) port (\S+)\|) {
[666]	100	} elsif ($message =~ m\|^Invalid user\|) {
	101	} elsif ($message =~ m\|^input_userauth_request: invalid user\|) {
	102	} elsif ($message =~ m\|^Received disconnect from\|) {
[1331]	103	} elsif ($message =~ m\|^Postponed keyboard-interactive\|) {
[1584]	104	} elsif ($message =~ m\|^Failed keyboard-interactive/pam\|) {
[668]	105	} elsif ($message =~ m\|^fatal: Read from socket failed: Connection reset by peer$\|) {
[690]	106	} elsif ($message =~ m\|^reverse mapping checking getaddrinfo\|) {
	107	} elsif ($message =~ m\|^pam_succeed_if\(sshd\:auth\)\:\|) {
[749]	108	} elsif ($message =~ m\|^error: PAM: Authentication failure\|) {
	109	} elsif ($message =~ m\|^pam_unix\(sshd:auth\): authentication failure\|) {
[738]	110	} elsif ($message =~ m\|^Postponed keyboard-interactive for invalid user \|) {
	111	} elsif ($message =~ m\|^Failed keyboard-interactive/pam for invalid user \|) {
[770]	112	} elsif ($message =~ m\|^Postponed gssapi-with-mic for \|) {
[739]	113	} elsif ($message =~ m\|^Address \S+ maps to \S+, but this does not map back to the address\|) {
[1747]	114	} elsif ($message =~ m\|^Nasty PTR record .* is set up for .*, ignoring\|) {
[853]	115	} elsif ($message =~ m\|^User child is on pid \d+$\|) {
	116	} elsif ($message =~ m\|^Transferred: sent \d+, received \d+ bytes$\|) {
[939]	117	} elsif ($message =~ m\|^Setting tty modes failed: Invalid argument$\|) {
[1272]	118	} elsif ($message =~ m\|^ nrpe . COMMAND=/etc/nagios/check_ldap_mmr.real$\|) {
[1305]	119	} elsif ($message =~ m\|^ *root : TTY=\|) {
[1707]	120	} elsif ($message =~ m\|^Set /proc/self/oom_adj to \|) {
[2066]	121	} elsif ($message =~ m\|^fatal: mm_request_receive: read: Connection reset by peer$\|) {
[666]	122	} else {
[770]	123	sendmsg($message, "scripts-spew");
[646]	124	}
[645]	125	}
[665]	126
[666]	127	foreach my $class (keys %toclass) {
[784]	128	if ($class eq "scripts-auto") {
	129	zwrite($toclass{$class}, $class);
	130	} else {
	131	zwrite($toclass{$class}, $class, undef, @RECIPIENTS);
	132	}
[666]	133	}
[645]	134	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: