Nmap Development mailing list archives

Re: Interested in logging the local use of NMAP commands?


From: "Alek O. Komarnitsky (N-CSC)" <alek () ast lmco com>
Date: Tue, 12 Jun 2001 16:06:33 -0600 (MDT)

From: "Haugsness, Kyle" <Kyle.Haugsness () qwest com>
Subject: Interested in logging the local use of NMAP commands?
To: "'nmap-dev () insecure org'" <nmap-dev () insecure org>

Greetings!

So I was asked to install NMAP on a shell box that lots of people use.
Realizing the tool's value to some clueful network engineers I agreed to
its use, provided that we could log the commands being used.  I didn't want
to turn on full process accounting, so I wrote a patch to log use of NMAP
commands to LOCAL1.INFO and to present a banner to users notifying them of
proper use.

So the diff against 2.53 is attached.  Tested on Solaris 8 Sparc 64-bit.  I
would be interested in feedback or anything that I missed.

Overview of changes:
  1.  Added a banner that is displayed when this program is first run.
  2.  Grab all the command line arguments and log them to syslog
       under LOCAL1.INFO.
  3.  Redefined LOG_MASK.  Fyodor used a define of LOG_MASK in nmap.h but
       that conflicted with the syslog LOG_MASK variable.  I changed Fyodor's
       to LOG_NMAP_MASK in nmap.c and nmap.h.
  4.  Disabled "interactive" mode because it didn't look easy to log all the
       commands that a user could issue.  My users wouldn't need it anyway.

Remember that if you are going to use this code, you need to set up
/etc/syslog.conf to actually do something with LOCAL1.INFO messages
and then restart your syslog daemon.

Thanks,
Kyle


FYI FWIW: nmap-web (see URL below) has some built-in file logging capabilities
that will tell you who has used it. It doesn't give access to all of the
options to nmap, but on the other hand, it might be helpful to people that
prefer to use a web interface.

alek

P.S. nmap-web is linked from Fyodor's web site or can be directly found at:
        http://www.komar.org/pres/nmap-web

PPS. On an unrelated note, I've been working on a program called "yadu",
     Yet Another Disk Usage program ... that slices-n-dices a filesystem
     and categorizes files in various ways based on stat() output.
     Not really a scanning tool ... but it has been darn useful to
     me as a Sysadmin - check it out if interested at:
        http://www.komar.org/pres/yadu

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
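
Item 2 of the quoted overview (logging the command line to syslog under LOCAL1.INFO), as an added C example that is not the patch from this thread and not Nmap's own code. The names build_audit_line and log_invocation, the 900-byte buffer and the "uid=... cmd:" message layout are assumptions made for illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* Join argv into out as one space-separated line. Bytes that are not
 * printable ASCII become '?', so an argument cannot inject a newline or
 * control sequence into the log. Returns 1 if the line had to be cut
 * short (marked with a trailing "..."), 0 if everything fit. */
int build_audit_line(int argc, char **argv, char *out, size_t outlen)
{
    size_t pos = 0;
    if (outlen < 4) {
        if (outlen)
            out[0] = '\0';
        return 1;
    }
    for (int i = 0; i < argc; i++) {
        const char *a = argv[i];
        size_t need = strlen(a) + (i > 0 ? 1 : 0);
        if (pos + need > outlen - 4) {      /* keep room for "..." + NUL */
            memcpy(out + pos, "...", 4);
            return 1;
        }
        if (i > 0)
            out[pos++] = ' ';
        for (; *a; a++)
            out[pos++] = (*a >= 0x20 && *a <= 0x7e) ? *a : '?';
    }
    out[pos] = '\0';
    return 0;
}

/* Send the command line to syslog as local1.info with the caller's real
 * UID. The line is an argument to "%s", never the format string itself. */
void log_invocation(int argc, char **argv)
{
    char line[900];   /* assumed size, under the classic 1024-byte limit */
    int cut = build_audit_line(argc, argv, line, sizeof line);
    openlog("nmap", LOG_PID, LOG_LOCAL1);
    syslog(LOG_INFO, "uid=%lu%s cmd: %s", (unsigned long)getuid(),
           cut ? " (truncated)" : "", line);
    closelog();
}

int main(int argc, char **argv)
{
    log_invocation(argc, argv);
    return 0;
}
```

As the quoted message notes, nothing is recorded until /etc/syslog.conf has a rule for the local1.info selector and the syslog daemon has been restarted.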


