In this example, we report passwd file problems.
The PasswdFileProblemsUrgent script might send an alert message like the following:
-------------------------------------------------------------------------------
PIKT ALERT
Mon Jan 28 20:49:19 2002
rouen
URGENT:
PasswdFileProblemsUrgent
Report passwd file problems
User alsuen has NO PASSWORD!
-------------------------------------------------------------------------------
The script follows.
///////////////////////////////////////////////////////////////////////////////
//
// accounts_alarms.cfg
//
///////////////////////////////////////////////////////////////////////////////
[other alarms omitted...]
///////////////////////////////////////////////////////////////////////////////
PasswdFileProblemsUrgent

        init
                status active
                level urgent
                task "Report passwd file problems"
                input proc "=sort -t: +2n =passwd"
                seps ":"
                =passwddata

        begin   // assume no crisis (yet)
                set #crisis = #false()

        rule    // non-root uid 0s
                if    $uid eq "0"
                   && $uname ne "root"
                        output mail "User $uname has UID OF 0!"
                        output syslog "User $uname has UID OF 0!"
                        set #crisis = #true()
                endif

        rule    // no password
                if $password eq ""
                        output mail "User $uname has NO PASSWORD!"
                        output syslog "User $uname has NO PASSWORD!"
                        if $uname eq "root"
                                set #crisis = #true()
                        endif
                endif

        end     // drastic change in /etc/passwd file size
                // by setting the =deviated() percentage to 0%, could also
                // report *any* change in /etc/passwd file size
                set #lines = #innum()
                if =deviated(lines, 20%)
                        output mail "the size of /etc/passwd has changed
                                     by >= 20%, was $text(%lines) lines,
                                     is now $text(#lines)"
                        set #crisis = #true()
                endif
#ifdef page
                if #crisis
#  if misscritsys
                        =page($hostname() urgent passwd problem (see alert email),
                              =pagesysadmins, =allhours(#now()))
#  else
                        =page($hostname() urgent passwd problem (see alert email),
                              =pagesysadmins, ! =offhours(#now()))
#  endif  // misscritsys
                endif
#endifdef  // page
///////////////////////////////////////////////////////////////////////////////
[other alarms omitted...]
///////////////////////////////////////////////////////////////////////////////
This is just one program example. You could add rules, or write new scripts, for example to report: frozen (starred out) accounts, accounts with missing uid or gid, duplicate uids, non-existent gids, empty gecos fields, non-existent home directories or shells, password changes for certain key accounts, illegal user names, malformed lines, etc.
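Three of the additional checks listed above (malformed lines, missing uid or gid, duplicate uids), together with the script's two rules, written in Python as an added example. It is not PIKT code and not part of the PIKT samples; the function name `audit_passwd` and the sample passwd lines are constructed for illustration.

```python
# Added example (not PIKT code): passwd-file checks mirroring the rules above.
from collections import defaultdict

# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:backup root:/root:/bin/sh
alsuen::1001:100:Al Suen:/home/alsuen:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
carol:x:1002:100:Carol:/home/carol:/bin/sh
dave:x::100:Dave:/home/dave:/bin/sh
broken:line:without:enough:fields
"""

def audit_passwd(text):
    """Return (findings, crisis) for passwd-format text.

    crisis follows the script: set for a non-root uid 0 account
    or for a root account with an empty password field.
    """
    findings, crisis = [], False
    by_uid = defaultdict(list)          # uid -> user names, for duplicate check
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:            # passwd(5) lines have seven fields
            findings.append(f"Line {lineno} is malformed ({len(fields)} fields)")
            continue
        uname, password, uid, gid = fields[:4]
        if not uid.isdigit() or not gid.isdigit():
            findings.append(f"User {uname} has missing or non-numeric uid/gid")
        else:
            by_uid[int(uid)].append(uname)
        if uid == "0" and uname != "root":
            findings.append(f"User {uname} has UID OF 0!")
            crisis = True
        if password == "":              # empty field, as in the "no password" rule
            findings.append(f"User {uname} has NO PASSWORD!")
            crisis = crisis or uname == "root"
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append(f"UID {uid} is shared by {', '.join(names)}")
    return findings, crisis

if __name__ == "__main__":
    results, is_crisis = audit_passwd(SAMPLE_PASSWD)
    print("\n".join(results), f"\ncrisis: {is_crisis}")
```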
[For more examples, see Samples.]
Page last updated 2005-06-22.
PIKT® is a registered trademark of the University of Chicago.
Copyright © 1998-2005 Robert Osterlund. All rights reserved.