#!/usr/bin/perl -P # $Header: scan_sudo,v 3.0 89/10/18 15:15:52 lwall Locked $ # Analyze the sudo log. chdir('/usr/adm/private/memories') || die "Can't cd to memories: $!\n"; if (open(Oldsudo,'oldsudo')) { $maxpos = ; close Oldsudo; } else { $maxpos = 0; `echo 0 >oldsudo`; } unless (open(Sudo, '/usr/adm/sudo.log')) { print "Somebody removed sudo.log!!!\n" if $maxpos; exit 0; } ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime, $blksize,$blocks) = stat(Sudo); if ($size < $maxpos) { $maxpos = 0; print "Somebody reset sudo.log!!!\n"; } seek(Sudo,$maxpos,0); while () { s/^.* :[ \t]+//; s/ipcrm.*/ipcrm/; s/kill.*/kill/; unless ($seen{$_}++) { push(@seen,$_); } $last = $_; } $max = tell(Sudo); open(tmp,'|sort >oldsudo.tmp') || die "Can't create tmp file: $!\n"; while ($_ = pop(@seen)) { print tmp $_; } close(tmp); open(tmp,'oldsudo.tmp') || die "Can't reopen tmp file: $!\n"; while () { print $seen{$_},":\t",$_; } print `(rm -f oldsudo.tmp; echo $max > oldsudo) 2>&1`;