|
well, we dont have the tcpdump command (does it come with debian etch ?, if it doesnt, we cant use it for this)
hiding the error worked tho xD |
To be more explicit
/usr/sbin/tcpdump |
well, its not there :P
|
Here ya go: http://packages.debian.org/tcpdump
|
i have to ask if we are allowed to install packages that were not provided (thats why i kept saying that i didnt have it, instead of trying to get it :P )
if we are allowed to download packages and installe them (when we execute "make instalar"), ill check it. |
ok, my teammate gave me this:
#!/bin/bash Code:
case $1 in so we once again find ourselves without knowing how to work with sockets and this problem, and still have no answer from the university if we can download and install (and use) tcpdump yet. |
ok, we are "almost" done, we have finished everything but:
net limiter module socket limitation in the general limitations module ssh-kegen (or something like that) for automatick log in into a remote computer for saving a log installer (make) netstat was not the tool to use for the packets thing in the net limiting module, we still have no answer from the guy who has to tell us if we can or can not install tcpdump, we turned our attention to /proc/net/dev that file has the ammount of packets sent, but its a cumulative ammount, each time a packet is sent, its added there. Initially we thought that we had to check the current sent packets, and if in the moment we checked, they were higher thanwhat was allowed, we had to kill proceses using sockets for outgoing conections. (thus, stoping outgoing packets). If anyone knows of something (diferent from tcpdump :P) that can check the number of outgoing packets in a given instant (not the total since the user logged in), pls inform us, for now, we'll asume that the module will check outgoing packets (total), and from the first time it detects that the limit has been exeded, each time its executed, it will kill proceses that are sending packets. (its not ilogical, but we arent 100% sure this is what the module must do). with that done, the only thing we need info about, is: "how to check the actual amount of sockets open by active proceses". In the meantime, will look into /proc too for that info (but we still dont know the actual file that may have the info). |
ok, weare done (considering that our understanding of the net limiter module is correct :P )
we have 2 small problems we would like your help to solve (besides making the makefile, but we dont want help for that... yet :P ) a) shutdown: it needs us to be root... any way to solve this little problem ? (especially one that wont require root pasword :P) we will install with make instalar, and then configure it with make configurar (wich will ask for a username) as root tho, so any modifications that need us to be root, can be done in make instalar /make configurar, but we are unsure what to modify :P EDIT: we are looking into the posibility of creating a group that will be allowed to use shutdown, and then add the user we configure michelle as the shell to, but that would have to be done doring make instalar (creating the group) and make configurar (putting the user in the group) b) one module logs EACH command in a local file, but once it has a certain size, we need to start loguin it in a remote log (the ip of the remote pc and the size of the file are set in a config file). We understand that we can do this with ssh, more specifically, with this command: echo "$2" | ssh $IPSERVERLOG 'cat /home/$USER/logauditoria' $IPSERVERLOG is the value that was previously taken from the config file, and its an IP, $2 is the command that will be logged. but in order for that to work without asking for paswords, we must put the file with the key (this might sound ignorant, but thats how it was explained to me by my teammate :P) in the remote pc, and we'll need a pasword for that too :P As far as i know its ILOGIC to think that we will be able to write to another pc without ever knowing the pasword, so we might be allowed to put the necesary files on the remote pc before testing the proyect (i hope), but more info might be appreciated :P |
Quote:
Quote:
echo "$2" | ssh $IPSERVERLOG 'cat - >> /home/$USER/logauditoria' Quote:
|
Quote:
i dont know about the command for remote loguin with ssh, since my teammate had 2 virtual machines and used that to test, but ill ask him. (and forward him the link :P ) |
ok... we have a little problem :P
in make configurar (configurar = configure, and its one of make's targets), we must ask the user (root) to input the user to which he want myshell to be configured. we thought of doingh this: Code:
read -p "write username to configure the shell to: " Usuariothen some reading revealed that ${Usuario} was a make variable (if i set it to something in the variables section, Usuario keeps that value), so $$Usuario or $${Usuario} should have worked, or so i thoght, buy no :( do i need to change something in the read command ? or in the way i want to expand the variable ? :P If everything fails, i could call for a secondary script for doing the read and chsh stuff, but i don't know if it will be acceptable :P (we arent compiling anything, but they said the wanted make to be the install/configure/uninstall tool) |
The problem is that each line is executed in a new subshell, so the second line doesn't see the variables set by the first one. You could try
Code:
read -p "write username to configure the shell to: " Usuario ; \ |
i tried that (well, i actually was forced too, since the code i pasted before is inside an "if", but it wont work.
dunno, might try that, but i too read that every line is executed in a separated /bin/sh shell, so :p for now we'll manage with calling a script in the make configurar section. now, i want to present you with a "bigger" problem: Our main script calls many subscripts, some run in background (script.sh & or . script.sh &, depending what we need). Now, the first thing that is run, is a script that "register's" each module set for the user. we were really happy yesterday when we finally installed our shell, and the security module worked... but then, for diferent reasons, we ended up noticing that, the "check modules" script, wich is run with & (background) wouldntexecute the script that "registered modules" when it should. Upon further investigation, we notices that the "register modules"script, DOES NOTHING if executed with & (and thus, we conclude that the "check modules" script doesnt work cause its run in background, and calls "register modules" when needed). supose theres a father/main script that uses 2 arrays. it then calls for: . registrar.sh (. is used cause we first used export on the 2 arrays, but we cant export arrays, or so we think, and also, exporting makes the array visible for the child script, but changes made to it wont be seen by the parent) that works well. now, if we change that to: . registrar.sh & it either does nothing, or since it runs in a diferent shell/background, our main script never gets the changes on the arrays. any way arround this ? we are more or less screwed if there is none :P EDIT: we are running it in that what, cause there are 2 scripts that have to run every x minutes, and they wont run if we put them insile the read-eval loop, if the user leaves the computer and writes nothing. We first thought of using read -t "timeout time", but we dont like the fact that it might be posible for the user to take a LONG time to write a long command, and the timeout would execute it when he was halfway writing it... but it might be our only chance (with read t we can put the periodic scripts back into the loop, and make a check in them if they will do ther "thing" or just end) |
Use the sudo tool for safe shutdown, better than setuid. Would only require the user's passwd (not root's) to activate.
for timeout, make it longer eg 5 mins. Separate files eg registrar.sh, whether run in the background or called directly inherit any shell vars that have been explicitly exported, but it's a one-way process ie you can't make changes to a var in a sub-shell prog and expect them to propagate up to the parent... it's downwards only. You can use various other methods eg a temp file or a rtn code. don't know if you've seen these pages, but they are very useful: http://www.tldp.org/LDP/abs/html/ http://rute.2038bug.com/index.html.gz |
Quote:
Quote:
|
| All times are GMT -5. The time now is 08:17 PM. |