Nmap Development mailing list archives

Interested in logging the local use of NMAP commands?


From: "Haugsness, Kyle" <Kyle.Haugsness () qwest com>
Date: Tue, 12 Jun 2001 13:52:08 -0600

Greetings!

So I was asked to install NMAP on a shell box that lots of people use.
Realizing the tool's value to some clueful network engineers I agreed to
its use, provided that we could log the commands being used.  I didn't want
to turn on full process accounting, so I wrote a patch to log use of NMAP
commands to LOCAL1.INFO and to present a banner to users notifying them of
proper use.

So the diff against 2.53 is attached.  Tested on Solaris 8 Sparc 64-bit.  I
would be interested in feedback or anything that I missed.

Overview of changes:
  1.  Added a banner that is displayed when this program is first run.
  2.  Grab all the command line arguments and log them to syslog
       under LOCAL1.INFO.
  3.  Redefined LOG_MASK.  Fyodor used a define of LOG_MASK in nmap.h but
       that conflicted with the syslog LOG_MASK variable.  I changed Fyodor's
       to LOG_NMAP_MASK in nmap.c and nmap.h.
  4.  Disabled "interactive" mode because it didn't look easy to log all the
       commands that a user could issue.  My users wouldn't need it anyway.

Remember that if you are going to use this code, you need to set up
/etc/syslog.conf to actually do something with LOCAL1.INFO messages
and then restart your syslog daemon.

Thanks,
Kyle


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
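
The attached diff is not reproduced in this archive page. The block below is an added illustration of item 2 in the overview (logging the command line to syslog under LOCAL1.INFO); it is not the poster's patch and not Nmap code. The function names, the "nmap" syslog ident, the uid field and the message layout are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Join argv into one audit line. Control characters and non-ASCII bytes are
 * replaced with '?' so an argument cannot inject a line break and forge an
 * extra log record. Output is truncated to fit buf. Returns bytes written. */
size_t build_audit_line(int argc, char *const argv[], char *buf, size_t len)
{
    size_t n = 0;
    if (len == 0)
        return 0;
    for (int i = 0; i < argc && n + 1 < len; i++) {
        if (i > 0)
            buf[n++] = ' ';
        for (const char *p = argv[i]; *p && n + 1 < len; p++) {
            unsigned char c = (unsigned char)*p;
            buf[n++] = (c < 0x20 || c > 0x7e) ? '?' : (char)c;
        }
    }
    buf[n] = '\0';
    return n;
}

/* Send the invocation to syslog as LOCAL1.INFO. The real uid is recorded
 * because it identifies the account that started the program. The line is
 * passed as a "%s" argument, never as the format string itself. */
void log_invocation(int argc, char *const argv[])
{
    char line[1024];
    build_audit_line(argc, argv, line, sizeof line);
    openlog("nmap", LOG_PID, LOG_LOCAL1);   /* ident is an assumption */
    syslog(LOG_INFO, "uid=%ld cmd: %s", (long)getuid(), line);
    closelog();
}

int main(int argc, char *argv[])
{
    log_invocation(argc, argv);   /* would run before any scanning starts */
    return 0;
}
```

Nothing is written anywhere until /etc/syslog.conf has a rule matching the local1.info selector, as the post points out.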
