Question

After you have fully installed the Ubuntu© operating system to your company’s production servers, you are now responsible for managing and monitoring the servers with Ubuntu© installed. You need to use the virtual environment that you set up with Ubuntu to do the following:

1. Create a script (called users_monitoring.sh) that logs each user’s commands and activities on the operating system. It should be sending the log messages to this endpoint:

   1. IP address: localhost

   2. Port: 8080

   3. Protocol: UDP

   4. The script should run every five minutes, so you need to explain how you would get this to run on a timed basis. What kinds of permissions/access are needed to effectively run this script and transmit logs? Explain to your team where you would store this script on the file system and why.

Answer 1

#!/bin/bash

ORIGSHELL=/bin/bash
LOGFILE=/var/log/monitoringlog

OPTIONS="$@"

USER=`whoami`
WEBUSER=web
WILD=NO
WARN=NO

if [ "$USER" = "$WEBUSER" ]
then

#Ok then - are we doing something wild?
for ARG in $@
do
case "$ARG" in
*\/lynx)
WILD=YES
;;
*\/wget)
WILD=YES
WARN=YES
;;
*\/curl)
WILD=YES
WARN=YES
;;
*\/links)
WILD=YES
WARN=YES
;;
*\/fetch)
WILD=YES
WARN=YES
;;
esac
done

#Are we wild?
if [ "$WILD" = "YES" ]
then
HOST=`hostname`
IPADDR=`resolveip -s $HOST`
NETSTAT=`/usr/bin/nighthawk -ape --numeric-hosts --numeric-ports --tcp | grep 'ESTABLISHED web'`

# Log it.
echo "`date` [$USER] $IPADDR "$@"" >> $LOGFILE
echo "$NETSTAT" >> $LOGFILE
fi
#Are we REALLY wild?
if [ "$WARN" = "YES" ]
then
# Mail it!
mail -s 'Monitoring Logs' abc@localhost < $LOGFILE &
fi
fi

# Now, do it.
exec $OPERATION "$@"

#we never come here...
exit 0

Thanks