mccalpin@masig1 (John D. McCalpin) (08/22/87)
In response to the following request:

! Let's say I want to output any line from the sulog that indicates that a
! user other than root, news or me attempted to su. The format of the sulog
! records is:
!
!     SU 08/05 09:30 + tty02 msi-root
! (awk script was included here)

There was a recent reply:

> Unless there is more to your awk script than simply writing out the
>offending lines, what's wrong with:
>     `egrep -v "root|news|mel" /usr/adm/sulog`

This contains a very serious bug!!! For example, the line:

    SU 08/05 09:30 + tty02 pirate-root

would NOT BE FLAGGED because it contains the string 'root'!

A correct egrep command is:

    egrep -v 'root-|news-|me-' /usr/adm/sulog

I have this in a shell script that is executed by my login file. It is run
with the setuid attribute because /usr/adm/sulog is not publicly readable.
I am working on a version that would take its userlist from a file, or
perhaps from a group list in /etc/group, but this works fine as is.

John D. McCalpin
mccalpin@fsu.BITNET
mccalpin%fsu.MFENET@nmfecc.ARPA
mccalpin@masig1.fsu.edu (REAL SOON NOW)
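
The following is an added example, not part of the original post: it goes one step beyond the egrep fix by comparing the whole originating-user field against an allowed list, so a name that merely ends in an allowed name is still flagged. The function name flag_su, the login "mel" (taken from the quoted reply) and all sample records other than the two quoted in the post are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Record layout (from the post): SU MM/DD HH:MM +|- tty from-to

# flag_su "ALLOWED USERS" < sulog
# Prints each record whose originating user (field 6, text before the
# first '-') is not exactly one of the space-separated allowed names.
flag_su() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, names, " ")
            for (i = 1; i <= n; i++) ok[names[i]] = 1
        }
        NF == 0 { next }                      # skip blank lines
        {
            dash = index($6, "-")
            # Malformed record: flag it rather than silently hide it.
            if ($1 != "SU" || dash < 2) { print; next }
            from = substr($6, 1, dash - 1)
            if (!(from in ok)) print
        }
    '
}

# Constructed sample records (msi-root and pirate-root appear in the post).
sample_sulog() {
    cat <<'EOF'
SU 08/05 09:30 + tty02 msi-root
SU 08/05 09:31 + tty02 pirate-root
SU 08/05 09:32 - tty03 root-news
SU 08/05 09:33 + tty01 mel-root
SU 08/05 09:34 - tty04 notroot-root
SU 08/05 09:35 + tty05 xnews-root
EOF
}

# Demo: prints the four records that did not originate from an allowed user.
sample_sulog | flag_su "root news mel"
```

On a real system the input would be redirected from /usr/adm/sulog, and the allowed list could be read from a file as the post suggests.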