Nmap Development: Re: Interested in logging the local use of NMAP commands?

Re: Interested in logging the local use of NMAP commands?

From: Alek O. Komarnitsky (N-CSC) <alek_at_ast.lmco.com>
Date: Tue, 12 Jun 2001 16:06:33 -0600 (MDT)

> From: "Haugsness, Kyle" <Kyle.Haugsness_at_qwest.com>
> Subject: Interested in logging the local use of NMAP commands?
> To: "'nmap-dev_at_insecure.org'" <nmap-dev_at_insecure.org>
>
> Greetings!
>
> So I was asked to install NMAP on a shell box that lots of people use.
> Realizing the tool's value to some clueful network engineers I agreed to
> its use, provided that we could log the commands being used. I didn't want
> to turn on full process accounting, so I wrote a patch to log use of NMAP
> commands to LOCAL1.INFO and to present a banner to users notifying them of
> proper use.
>
> So the diff against 2.53 is attached. Tested on Solaris 8 Sparc 64-bit. I
> would be interested in feedback or anything that I missed.
>
> Overview of changes:
> 1. Added a banner that is displayed when this program is first run.
> 2. Grab all the command line arguments and log them to syslog
>    under LOCAL1.INFO.
> 3. Redefined LOG_MASK. Fyodor used a define of LOG_MASK in nmap.h but
>    that conflicted with the syslog LOG_MASK variable. I changed Fyodor's
>    to LOG_NMAP_MASK in nmap.c and nmap.h.
> 4. Disabled "interactive" mode because it didn't look easy to log all the
>    commands that a user could issue. My users wouldn't need it anyway.
>
> Remember that if you are going to use this code, you need to set up
> /etc/syslog.conf to actually do something with LOCAL1.INFO messages
> and then restart your syslog daemon.
>
> Thanks,
> Kyle

FYI FWIW: nmap-web (see URL below) has some built-in file logging capabilities
that will tell you who has used it. It doesn't give access to all of the
options to nmap, but on the other hand, it might be helpful to people that
prefer to use a web interface.

alek

P.S. nmap-web is linked from Fyodor's web site or can be directly found at:
        http://www.komar.org/pres/nmap-web

PPS. On an unrelated note, I've been working on a program called "yadu",
     Yet Another Disk Usage program ... that slices-n-dices a filesystem
     and categorizes files in various ways based on stat() output.
     Not really a scanning tool ... but it has been darn useful to
     me as a Sysadmin - check it out if interested at:
        http://www.komar.org/pres/yadu

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Jun 12 2001
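
The command-line logging to LOCAL1.INFO described in the quoted message, as an added example; it is not code from this thread or from the attached patch, which is not reproduced on this page. The helper names, the "nmap" syslog tag, the 1024-byte line buffer and the log file path in the comment are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: write "uid=N cmd: arg0 arg1 ..." into buf.
 * Bytes outside printable ASCII become '?' so an argument containing a
 * newline cannot forge a second log entry.
 * Returns 0 if the whole command line fit, 1 if it was truncated. */
int format_invocation(char *buf, size_t size, uid_t uid, int argc, char **argv)
{
    int n = snprintf(buf, size, "uid=%lu cmd:", (unsigned long)uid);
    if (n < 0 || (size_t)n >= size)
        return 1;
    size_t pos = (size_t)n;
    for (int i = 0; i < argc; i++) {
        if (pos + 1 >= size)
            return 1;                 /* buf is still NUL-terminated */
        buf[pos++] = ' ';
        for (const unsigned char *p = (const unsigned char *)argv[i]; *p; p++) {
            if (pos + 1 >= size) {
                buf[pos] = '\0';
                return 1;
            }
            buf[pos++] = (*p >= 0x20 && *p < 0x7f) ? (char)*p : '?';
        }
        buf[pos] = '\0';
    }
    return 0;
}

/* Log one invocation under LOCAL1.INFO. A syslog.conf selector such as
 * "local1.info<TAB>/var/log/nmap.log" (assumed path) is needed to store it. */
void log_invocation(int argc, char **argv)
{
    char line[1024];
    /* Real uid: identifies the invoking user even for a setuid binary. */
    int truncated = format_invocation(line, sizeof line, getuid(), argc, argv);
    openlog("nmap", LOG_PID, LOG_LOCAL1);
    /* Constant format string: user arguments are data, never a format. */
    syslog(LOG_INFO, "%s%s", line, truncated ? " [truncated]" : "");
    closelog();
}

int main(int argc, char **argv)
{
    log_invocation(argc, argv);
    return 0;
}
```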
