I am very new to Linux and am sorry for the newbie questions. I had a homework extra-credit question that I was trying to do but failed to get it.
Q. Write a security shell script that logs the following information for every process: User ID, time started, time ended (0 if process is still running), whether the process has tried to access a secure file (stored as either yes or no). The log created is called process_security_log where each of the above pieces of information is stored on a separate line and each entry follows immediately (that is, there are no blank lines). Write a shell script that will examine this log and output the User ID of any process that is still running that has tried to access a secure file.
I started by trying to just capture the user and echo it, but failed.
# Take the first process line of the listing (tail skips the UID/PID header);
# the original `grep [*]` only matched lines containing a literal '*', so $output was empty.
output=$(ps -ef | tail -n +2 | head -n 1)
set -- $output
User=$1   # first column of `ps -ef` is the user ID
echo "$User"
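The second half of the assignment, examining process_security_log, only depends on the log format the question spells out (four lines per entry, no blank lines), so that part can be written without settling how the log is produced. The following POSIX sh script is an added example, not code from the original post; the log contents it writes are constructed sample data, and the function names (write_sample_log, running_secure_uids) are my own. It reads the log four lines at a time, rejects a log whose line count is not a multiple of four, and prints the User ID of every entry whose "time ended" is 0 and whose secure-file flag is yes.

```shell
#!/bin/sh
# Added example (not from the original post): examine a process_security_log
# laid out as the assignment describes, four lines per entry with no blank lines:
#   line 1: User ID
#   line 2: time started
#   line 3: time ended (0 if the process is still running)
#   line 4: yes/no, whether the process tried to access a secure file

# Write a constructed sample log to the path given as $1.
# Entries: uid 1000 running+yes, uid 0 finished+yes, uid 1001 running+no,
# uid 1002 running+yes. Only 1000 and 1002 should be reported.
write_sample_log() {
    cat > "$1" <<'EOF'
1000
1712000000
0
yes
0
1712000010
1712000020
yes
1001
1712000030
0
no
1002
1712000040
0
yes
EOF
}

# Print the User ID of every still-running process that accessed a secure file.
# Usage: running_secure_uids /path/to/process_security_log
# Returns 1 (and prints nothing useful) if the log is unreadable or malformed.
running_secure_uids() {
    log="$1"
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 1; }
    lines=$(wc -l < "$log")
    if [ "$((lines % 4))" -ne 0 ]; then
        echo "malformed log: $lines lines is not a multiple of 4" >&2
        return 1
    fi
    # Each iteration consumes exactly one four-line entry from the log.
    # $started is read so the entry stays aligned; it is not needed for the check.
    while read -r uid && read -r started && read -r ended && read -r secure; do
        if [ "$ended" = "0" ] && [ "$secure" = "yes" ]; then
            printf '%s\n' "$uid"
        fi
    done < "$log"
}

# Stand-alone demo: build the sample log in a temp file and report on it.
demo_log=$(mktemp)
write_sample_log "$demo_log"
running_secure_uids "$demo_log"
rm -f "$demo_log"
```

Because the format has no per-entry delimiter, the only structural check available is the line count; a log with a partial entry is reported as malformed rather than silently misaligning every entry after it, which is what a naive "grep for yes" over the file would do.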
The output of ps is both insufficient and incapable of producing the data required by this question.
You need something like auditd, SELinux, or straight-up kernel hacks (i.e. fork.c) to do anything remotely in the realm of security logging.
Update
Others have made suggestions to use shell command logging, ps and friends (proc or sysfs). They can be useful, and do have their place (obviously). I would argue that they shouldn't be relied on for this purpose, especially in an educational context.
... whether the process has tried to access a secure file (stored as either yes or no)
Seems to be the one that the other answers are ignoring. I stand by my original answer, but as Daniel points out there are other interesting ways to garner this data.
For an educational exercise these tools will help provide a more complete answer.