Well, among other things - the file that went missing was a crontab . . .
I've built a small perl script to get the data and dump it out to the client data stream; hobbit runs it via sudo. I'm also looking at logfetch.c, the hobbit program that does the process. I can see Henrik has thought about this, because the code to get and drop root permissions is present - bracketed by ifdefs for 'BIG_SECURITY_HOLE'.
I need to satisfy myself about the logfetch code, and then I think a recompile may be in order.
(Complicating the issue, AIX does not have a 'stat' command, and the 'istat' command does not give similar output).
Tom
-----Original Message----- From: Rolf Schrittenlocher [mailto:schritte at hebis.uni-frankfurt.de] Sent: Friday, September 12, 2008 1:47 AM To: hobbit at hswn.dk Subject: Re: [hobbit] need help checking a file status
Hi Tom,
what about a cronjob copying the file every minute and changing the rights of the copy? Then you may monitor the copy.
Rolf
We had an 'event' earlier in the week where a file ended as zero-length, so I want to monitor it with hobbit.
Unfortunately, it is mode 600 owned by root, in a directory mode 600 owned by root.
I'd like to report this under the 'files' column, but I'd rather not do logfetch as suid rot.
Has anyone had luck using the file:command interface to use sudo?
Any other suggestions?
TIA
Tom Kauffman
-- Mit freundlichen Gruessen Rolf Schrittenlocher
Bitte beachten Sie die neue Emailadresse!
HeBIS-IT, Senckenberganlage 31, 60054 Frankfurt Tel: (49) 69 - 798 28908 Fax: (49) 69 798 28817 LBS: lbs-f at mlist.uni-frankfurt.de Persoenlich: schritte at hebis.uni-frankfurt.de
To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk