scan_sudo

UNIX下perl实现代码

#!/usr/bin/perl -P

# $RCSfile: scan_sudo,v $$Revision: 4.1 $$Date: 92/08/07 17:20:42 $

# Analyze the sudo log.

chdir('/usr/adm/private/memories') || die "Can't cd to memories: $!\n";

if (open(Oldsudo,'oldsudo')) {
    $maxpos = <Oldsudo>;
    close Oldsudo;
}
else {
    $maxpos = 0;
    `echo 0 >oldsudo`;
}

unless (open(Sudo, '/usr/adm/sudo.log')) {
    print "Somebody removed sudo.log!!!\n" if $maxpos;
    exit 0;
}

($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,
   $blksize,$blocks) = stat(Sudo);

if ($size < $maxpos) {
    $maxpos = 0;
    print "Somebody reset sudo.log!!!\n";
}

seek(Sudo,$maxpos,0);

while (<Sudo>) {
    s/^.* :[ \t]+//;
    s/ipcrm.*/ipcrm/;
    s/kill.*/kill/;
    unless ($seen{$_}++) {
	push(@seen,$_);
    }
    $last = $_;
}
$max = tell(Sudo);

open(tmp,'|sort >oldsudo.tmp') || die "Can't create tmp file: $!\n";
while ($_ = pop(@seen)) {
    print tmp $_;
}
close(tmp);
open(tmp,'oldsudo.tmp') || die "Can't reopen tmp file: $!\n";
while (<tmp>) {
    print $seen{$_},":\t",$_;
}

print `(rm -f oldsudo.tmp; echo $max > oldsudo) 2>&1`;