Need help with security


 
# 1  
Old 01-30-2002
Need help with security

Hi there thanks for checking in.

I run a helpdesk with about 500 users logging onto a network
and then onto a Unix box.

Sometimes people use other people's logins. :-(
All users use their own PC (I.P).
Is there a way that when somebody logs onto the Unix box with a different I.P the system will e-mail me the I.P address,
so that I can find the people who are doing this, which creates problems?

I'm thinking along the lines of a script that runs every 10-20 mins
in the background that uses the files in /var/adm/history

etc.

When you do a

who -u ( for the first time ) sleep 1000
root pts/tCe Jan 30 11:59 1:32 15442 000.00.000.000
helpdesk pts/tCe Jan 30 12:05 0.23 23633 196.13.235.333

who -u (for the Second time)
root pts/tCe Jan 30 11:59 1:32 15442 000.00.000.000
helpdesk pts/tCe Jan 30 12:05 0.23 23633 196.13.235.555

then it should pick up
that user "helpdesk" is not logged onto 196.13.235.333 and it should e-mail me the I.P 196.13.235.555 including the user name that is supposed to log onto the Unix box from that PC.

Please inform me if the above is unclear.

Thanks in advance

Nemex
# 2  
Old 01-30-2002
It seems you have a handle on what you want to do and where to get the information. What do you need help with?

Hint: scripting is only putting in an executable file what you could have done from the command line. Adding loops and conditions is to allow for your manually doing it in your head (when you see a different IP address on a specific user name, you realize you need to check it out). So just put in the script the steps you are doing manually.
thehoghunter
# 3  
Old 01-31-2002
I have a handle on what I want but I have no idea how to translate this within a script.

E.g. how do I let the system recognize that the 2 I.P are diff and then have the system mail me (mailx)?
# 4  
Old 01-31-2002
You would have to create a base file - this can be done on the fly in your script before you start checking on everyone.

In your script - who -u |awk '{print $1,$3}' - set a variable to these values. grep to see if the first $1 (the userid) is already in the file. If it is, do nothing but if it isn't write the userid and IP to the file.

Once you get a user id that is in the file and your script finds it in there, then you can start to compare the IP address.

UserIP-File format;
userid IP

joeuser 172.16.1.2
jackuser 172.16.1.3
janeuser 172.16.1.4

To compare what is on the system versus what is in the file, use your who -u command again, pulling the userid and IP into two variables. Check for the userid in the file - if it is there, compare the IP addresses. If different, then email yourself to check it out.

You could do many more things with this...but I hope you get the idea.
thehoghunter
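
The baseline-and-compare procedure from post #4, written out as an added example (not code posted by anyone in this thread). The function name, the sample sessions and the paths in the closing comment are made up for illustration, and it assumes the remote address is the last field of each who -u line, as in the output shown in post #1.

```shell
#!/bin/sh
# check_logins BASEFILE  (reads `who -u` output on stdin)
# BASEFILE holds "userid IP" lines, the format given in post #4.
# Assumption: the remote address is the LAST field of each line, as in the
# sample output in post #1 (not $3); some systems wrap it in parentheses.
check_logins() {
    base=$1
    [ -f "$base" ] || : > "$base"          # create the base file on the fly
    awk -v base="$base" '
        FILENAME == base { known[$1] = $2; next }   # load the baseline
        {
            user = $1; ip = $NF
            gsub(/[()]/, "", ip)
            # Skip local sessions and hostnames: only dotted IPv4 is compared.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (!(user in known)) {         # first sighting: record it
                known[user] = ip
                print user, ip >> base
            } else if (known[user] != ip) { # known user, different address
                print user, "expected", known[user], "seen", ip
            }
        }
    ' "$base" -
}

# Constructed sample data (RFC 5737 documentation addresses).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'root pts/0 Jan 30 11:59 1:32 15442 192.0.2.1' \
        'helpdesk pts/1 Jan 30 12:05 0:23 23633 192.0.2.33' |
        check_logins "$dir/base"            # pass 1: builds baseline, no output
    printf '%s\n' \
        'root pts/0 Jan 30 11:59 1:32 15442 192.0.2.1' \
        'helpdesk pts/2 Jan 30 12:40 0:01 23901 (192.0.2.55)' |
        check_logins "$dir/base"            # pass 2: reports helpdesk
    rm -rf "$dir"
}
demo

# From cron (hypothetical paths and address), mail only when non-empty:
#   who -u | check_logins /var/tmp/userip.base > /tmp/ipreport
#   [ -s /tmp/ipreport ] && mailx -s "login IP changed" admin@example.com < /tmp/ipreport
```

Unlike diffing two full who -u snapshots, this reports only a known user appearing from a new address, so idle-time changes and ordinary logins and logouts produce no mail.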
# 5  
Old 01-31-2002
Thanks, I got

This is what I've done

who -u > IP
sleep 10000   # ( 0% cpu )
who -u > IP2
diff IP IP2 > diff1
/usr/sbin/mailx helpdesk@rtt.co.za < /home/me/diff1

Question: how do I kick this off so that it runs in the background?

Do I just

command -D

Would that be safe?
# 6  
Old 01-31-2002
Have you considered how you might use the crontab for running this process? Might be better than having a process that sleeps for long periods.....
# 7  
Old 01-31-2002
Just a thought too... have a read about 'nohup'

Allows you to run processes in the background without requirement of a terminal for outputting to.
 