Nmap Development mailing list archives
Interested in logging the local use of NMAP commands?
From: "Haugsness, Kyle" <Kyle.Haugsness () qwest com>
Date: Tue, 12 Jun 2001 13:52:08 -0600
Greetings! So I was asked to install NMAP on a shell box that lots of people use. Realizing the tool's value to some clueful network engineers I agreed to it's use, provided that we could log the commands being used. I didn't want to turn on full process accounting, so I wrote a patch to log use of NMAP commands to LOCAL1.INFO and to present a banner to users notifying them of proper use. So the diff against 2.53 is attached. Tested on Solaris 8 Sparc 64-bit. I would be interested in feeback or anything that I missed. Overview of changes: 1. Added a banner that is displayed when this program is first run. 2. Grab all the command line arguments and log them to syslog under LOCAL1.INFO. 3. Redefined LOG_MASK. Fyodor used a define of LOG_MASK in nmap.h but that conflicted with the syslog LOG_MASK variable. I changed Fyodor's to LOG_NMAP_MASK in nmap.c and nmap.h. 4. Disabled "interactive" mode because it didn't look easy to log all the commands that a user could issue. My users wouldn't need it anyway. Remember that if you are going to use this code, you need to setup /etc/syslog.conf to actually do something with LOCAL1.INFO message and then restart your syslog daemon. Thanks, Kyle
--------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Interested in logging the local use of NMAP commands? Haugsness, Kyle (Jun 12)
- <Possible follow-ups>
- Re: Interested in logging the local use of NMAP commands? Alek O. Komarnitsky (N-CSC) (Jun 12)