Nmap Development mailing list archives
Re: Interested in logging the local use of NMAP commands?
From: "Alek O. Komarnitsky (N-CSC)" <alek () ast lmco com>
Date: Tue, 12 Jun 2001 16:06:33 -0600 (MDT)
From: "Haugsness, Kyle" <Kyle.Haugsness () qwest com>
Subject: Interested in logging the local use of NMAP commands?
To: "'nmap-dev () insecure org'" <nmap-dev () insecure org>

Greetings!

So I was asked to install NMAP on a shell box that lots of people use. Realizing the tool's value to some clueful network engineers I agreed to its use, provided that we could log the commands being used. I didn't want to turn on full process accounting, so I wrote a patch to log use of NMAP commands to LOCAL1.INFO and to present a banner to users notifying them of proper use.

So the diff against 2.53 is attached. Tested on Solaris 8 Sparc 64-bit. I would be interested in feedback or anything that I missed.

Overview of changes:

1. Added a banner that is displayed when this program is first run.
2. Grab all the command line arguments and log them to syslog under LOCAL1.INFO.
3. Redefined LOG_MASK. Fyodor used a define of LOG_MASK in nmap.h but that conflicted with the syslog LOG_MASK variable. I changed Fyodor's to LOG_NMAP_MASK in nmap.c and nmap.h.
4. Disabled "interactive" mode because it didn't look easy to log all the commands that a user could issue. My users wouldn't need it anyway.

Remember that if you are going to use this code, you need to set up /etc/syslog.conf to actually do something with LOCAL1.INFO messages and then restart your syslog daemon.

Thanks,
Kyle

FYI FWIW: nmap-web (see URL below) has some built-in file logging capabilities that will tell you who has used it. It doesn't give access to all of the options to nmap, but on the other hand, it might be helpful to people that prefer to use a web interface.

alek

P.S. nmap-web is linked from Fyodor's web site or can be directly found at:
http://www.komar.org/pres/nmap-web

PPS. On an unrelated note, I've been working on a program called "yadu", Yet Another Disk Usage program ... that slices-n-dices a filesystem and categorizes files in various ways based on stat() output. Not really a scanning tool ... but it has been darn useful to me as a Sysadmin - check it out if interested at:
http://www.komar.org/pres/yadu
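
The logging step described in the quoted message (command-line arguments sent to syslog under LOCAL1.INFO), as an added example that is not the patch attached to the original post and not Nmap code. The names `build_audit_line` and `audit_invocation`, the `nmap-audit` ident and the record size are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
/* Added example: every name and size below is an assumption, not Nmap's. */
#define AUDIT_MAX 1024  /* assumed cap on one log record */

/* Join argv into out (size n). Non-printable bytes become '?' so an argument
 * cannot inject a fake line into the log; truncation is marked with "...".
 * Returns the number of bytes written, excluding the terminating NUL. */
size_t build_audit_line(int argc, char *const argv[], char *out, size_t n)
{
    size_t pos = 0;
    int truncated = 0;

    if (n < 4) { if (n) out[0] = '\0'; return 0; }
    for (int i = 0; i < argc && !truncated; i++) {
        const char *a = argv[i] ? argv[i] : "";
        if (i > 0) {
            if (pos + 4 >= n) { truncated = 1; break; }
            out[pos++] = ' ';
        }
        for (; *a; a++) {
            if (pos + 4 >= n) { truncated = 1; break; }
            out[pos++] = isprint((unsigned char)*a) ? *a : '?';
        }
    }
    if (truncated) { memcpy(out + pos, "...", 3); pos += 3; }
    out[pos] = '\0';
    return pos;
}

/* Record who ran what at LOCAL1.INFO before any scanning starts. */
void audit_invocation(int argc, char *const argv[])
{
    char line[AUDIT_MAX];

    build_audit_line(argc, argv, line, sizeof line);
    openlog("nmap-audit", LOG_PID, LOG_LOCAL1);
    /* Constant format string: user-controlled text is only a %s argument. */
    syslog(LOG_INFO, "uid=%ld cmd=%s", (long)getuid(), line);
    closelog();
}

int main(int argc, char *argv[])
{
    audit_invocation(argc, argv);
    return 0;
}
```

As the quoted message notes, nothing is recorded until /etc/syslog.conf routes LOCAL1.INFO somewhere and the syslog daemon is restarted.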