Greetings!
So I was asked to install NMAP on a shell box that lots of people use.
Realizing the tool's value to some clueful network engineers, I agreed to
its use, provided that we could log the commands being used. I didn't want
to turn on full process accounting, so I wrote a patch to log use of NMAP
commands to LOCAL1.INFO and to present a banner to users notifying them of
proper use.
So the diff against 2.53 is attached. Tested on Solaris 8 Sparc 64-bit. I
would be interested in feedback or anything that I missed.
Overview of changes:
1. Added a banner that is displayed when this program is first run.
2. Grab all the command line arguments and log them to syslog
under LOCAL1.INFO.
3. Redefined LOG_MASK. Fyodor used a define of LOG_MASK in nmap.h but
that conflicted with the syslog LOG_MASK variable. I changed Fyodor's
to LOG_NMAP_MASK in nmap.c and nmap.h.
4. Disabled "interactive" mode because it didn't look easy to log all the
commands that a user could issue. My users wouldn't need it anyway.
Remember that if you are going to use this code, you need to set up
/etc/syslog.conf to actually do something with LOCAL1.INFO messages
and then restart your syslog daemon.
Thanks,
Kyle
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Jun 12 2001
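
Added example, not from the original post or its attached patch (which this page does not include): one way to log a tool's command line to syslog under LOCAL1.INFO, as change 2 in the post describes. The helper names `join_args` and `log_invocation`, the 1024-byte buffer, the replacement of non-printable bytes with `?`, and the log file path in the comment are assumptions.

```c
#include <ctype.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Hypothetical helper: join argv[0..argc-1] with single spaces into buf.
 * Non-printable bytes become '?' so an argument cannot inject a line break
 * into the log. Returns 0 if everything fit, 1 if the result was truncated. */
int join_args(int argc, char *const argv[], char *buf, size_t buflen)
{
    size_t used = 0;
    int i;
    const char *p;

    if (buflen == 0)
        return 1;
    for (i = 0; i < argc; i++) {
        if (i > 0) {
            if (used + 1 >= buflen) { buf[used] = '\0'; return 1; }
            buf[used++] = ' ';
        }
        for (p = argv[i]; *p; p++) {
            if (used + 1 >= buflen) { buf[used] = '\0'; return 1; }
            buf[used++] = isprint((unsigned char)*p) ? *p : '?';
        }
    }
    buf[used] = '\0';
    return 0;
}

/* Hypothetical helper: record who ran the tool and with which arguments.
 * Assumed /etc/syslog.conf entry (tab-separated; the path is an example):
 *   local1.info    /var/log/nmap.log */
int log_invocation(int argc, char *const argv[])
{
    char line[1024];
    int truncated = join_args(argc, argv, line, sizeof line);

    openlog("nmap", LOG_PID, LOG_LOCAL1);
    /* Fixed format string: argv is user-controlled and must only be data. */
    syslog(LOG_INFO, "uid=%ld args: %s%s", (long)getuid(), line,
           truncated ? " [truncated]" : "");
    closelog();
    return truncated;
}

int main(int argc, char *argv[])
{
    return log_invocation(argc, argv);
}
```

Logging the real UID from `getuid()` ties each entry to the invoking account on a shared box, and the `[truncated]` marker shows when the recorded command line is incomplete.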