Need perl to watch command line

[jewel464g]

I need some help getting started on a script. I need perl to watch the command line of a linux server and look for a certain string. Anyone point me toward something that will watch the command line???

http://www.scriptchick.com/

When faced with a decision, always ask, 'Which would be the most fun?'

 

[PaulTEG]

Looks like you're going to have to wrap the console for that. You'll have to put a wrapper round the console commands, and then pass them to the "console" proper.

I'm not sure if this is a perl question per se, because perl isn't traditionally high enough in the hierarchy, it's not going to have permissions to see what's going on. But if your looking to audit the console as to what commands were issued, without having process id, permissions etc etc, I'd ask this in the linux forum as a how do i log console commands

HTH
--Paul

Nancy Griffith - songstress extraordinaire,
and composer of the snipers anthem "From a distance ...

 

[rharsh]

While this is a perl forum, and I might be committing sacrilege, I think expect is an easier way to monitor, and disallow or modify, the commands being entered on the command line. You can use the interact directive to do exactly what you're looking for.

 

[PaulTEG]

rharsh's suggestion is the way to go if you're issuing directives to the console from perl, though I thought from your post that you were basically looking to audit the 'console sessions' on a machine.

to rharsh, sacrilege, ..?, talking gets things done, (unless you've seen a spectre of terror ..) Expect can connect to/create a session on the console, though how it'd connect to any session without me reading the documentation is beyond me

--Paul

Nancy Griffith - songstress extraordinaire,
and composer of the snipers anthem "From a distance ...

 

[rharsh]

I might be wrong, but can't you run a script/command when the console session is initiated?

My assumption is that jewel464g wanted to monitor the commands a user was entering and modify/disallow commands with certain strings in them.

Here's a little bit from the expect man page:

For example, the following command runs interact with the following string-body pairs defined:
When ^Z is pressed, Expect is suspended. (The -reset flag restores the terminal modes.) When ^A is pressed, the user sees "you typed a control-A" and the process is sent a ^A. When $ is pressed, the user sees the date. When ^C is pressed, Expect exits. If "foo" is entered, the user sees "bar". When ~~ is pressed, the Expect interpreter runs interactively.

And the code to go along with it:

set CTRLZ \032
interact {
    -reset $CTRLZ {exec kill -STOP [pid]}
    \001    {send_user "you typed a control-A\n";
            send "\001"
            }
    $	    {send_user "The date is [exec date]."}
    \003   exit
    foo    {send_user "bar"}
    ~~
}

 

[MikeLacey]

You could just monitor the shell history file...

Mike

To err is human,
but to really foul things up -
you require a man Mike.

Want to get great answers to your Tek-Tips questions? Have a look at faq219-2884

 

[PaulTEG]

Mike,

Does everyone's shell history end up in the same file? Would've thought of that as a bit loose in terms of security

oh look, the sysadmin has run the passwd command ...

--Paul

Nancy Griffith - songstress extraordinaire,
and composer of the snipers anthem "From a distance ...

 

[MikeLacey]

Yes, a bit loose. Depends on what you want it for I guess.

Mike

To err is human,
but to really foul things up -
you require a man Mike.

Want to get great answers to your Tek-Tips questions? Have a look at faq219-2884

 

[jewel464g]

I'll have to look into the shell history file. Hadn't heard of that before. Thanks guys.

http://www.scriptchick.com/

When faced with a decision, always ask, 'Which would be the most fun?'