Thanks guy, will look into these suggestions,
Neil.
John Summerfield wrote:
On Tuesday 23 November 2004 11:40, Harry Hoffman wrote:
Hi Neil
run a quick perl script on the messages file to remove/change the symlink in /tftpboot/pxelinux.cfg (or wherever you put it) when the system have booted via tftp
something like:
ln -sf /tftpboot/pxelinux.cfg/C0A80201 default
where default is a localboot.
I Like it.
Even better, there's a package called pop-before-smtp that, amongst other things, tails the log and Does Stuff when it gets a match. It's basically a Perl script.
I've taken it and made a generalised log tailer that (with a minimal user-supplied script) could Do The Right Thing.
What I envisage is my programs (I call it da-blocker) would tail /var/log/messages and when it sees a host boot the installer it writes a new config for that host that does not cause it to boot the installer.
I'm looking for testers. The original purpose was to look for ssh abusers trying to get a root shell on my box by employing the tried and trusty Dictionary Attack.
ps It helps if you inderstand Perl regular extensions or are prepared to learn them from supplied docs. I don't wish to go into that topic any time soon unless there's lotsa bucks in it.
-- Neil Marjoram Systems Manager Adastral Park Campus University College London Ross Building Adastral Park Martlesham Heath Ipswich - Suffolk IP5 3RE
Tel: 01473 663711 Fax: 01473 635199
