On Sun, Jul 29, 2001 at 11:23:37AM -0500, John R. Jackson wrote:
> >... One thing that would increase security would be the ability to
> >inform the system administrator by mail/logs which files have been
> >restored. If the new amr script logs which user is running it, then
> >the system can track who restores what - a degree of
> >accountability. Is there any way to do this with the existing setup?
>
> First you're going to have to decide when sudo is run in this sequence.
> It could be run from within amr, or you could run amr under sudo.
> That will affect whether the script knows who it is running as or whether
> you'll have to get that out of the sudo log file.
It'll probably be easier to run sudo from within the script.
> The script doesn't report anything at the moment but certainly could be
> enhanced. I think what you'd want is to figure out which amrecover*debug
> file had just been used when it's done and post the interesting lines
> from it, such as:
>
> add_file: (Successful) Added /tmp/resolv/res_init.c
>
> It would also be pretty easy to modify amrecover itself to log more
> stuff to its own debug file, such as each command entered. Let me know
> if you need help with that. It could be folded into the "run things
> from the command line" patch.
This is exactly what I had in mind. I will give it all some thought
and get back to you. I'll have to dust off my C skills (I'm a Java
programmer now) and learn some ksh to get anywhere, but it'll be
interesting!
Thanks John,
Tom
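
An added sketch of the reporting step discussed above (not code from this thread, from amr, or from Amanda): it takes the newest amrecover*debug file, pulls the successful add_file lines, and emits one audit line per restored file tagged with the requesting user. The function names, the debug directory argument and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; not part of amr or Amanda. The debug directory is an argument
# because its location is an assumption, not something the thread states.

# Newest amrecover*debug file in directory $1 (ls -t lists newest first).
newest_debug_file() {
    ls -t "$1"/amrecover*debug 2>/dev/null | head -n 1
}

# Paths from the "add_file: (Successful) Added <path>" lines of file $1.
restored_files() {
    sed -n 's/^.*add_file: (Successful) Added //p' "$1"
}

# Who asked for the restore: sudo exports SUDO_USER when amr itself is run
# under sudo; if amr calls sudo internally, the script's own user is the answer.
restore_user() {
    if [ -n "${SUDO_USER:-}" ]; then printf '%s\n' "$SUDO_USER"; else id -un; fi
}

# One audit line per restored file, or exit status 1 if no debug file exists.
restore_report() {
    dbg=$(newest_debug_file "$1")
    [ -n "$dbg" ] || { echo "no amrecover debug file in $1" >&2; return 1; }
    user=$(restore_user)
    restored_files "$dbg" | while IFS= read -r path; do
        printf 'amrecover restore: user=%s file=%s\n' "$user" "$path"
    done
}

# Constructed sample data: an older and a newer debug file in directory $1.
make_sample() {
    printf '%s\n' 'add_file: (Successful) Added /tmp/old/stale.c' \
        > "$1/amrecover.1.debug"
    printf '%s\n' 'constructed line that is not a restore' \
        'add_file: (Successful) Added /tmp/resolv/res_init.c' \
        'add_file: (Successful) Added /tmp/resolv/res_query.c' \
        > "$1/amrecover.2.debug"
    touch -t 200107280900 "$1/amrecover.1.debug"
    touch -t 200107291100 "$1/amrecover.2.debug"
}

# Demo: sh thisfile --demo   (in amr, pipe restore_report to logger or mail)
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample "$d" && restore_report "$d"
    rm -rf "$d"
fi
```

Sending the report to syslog or mail from a location the restoring user cannot edit keeps the record independent of the debug file, which that user may be able to modify.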