Well, among other things - the file that went missing was a crontab . . .
I've built a small perl script to get the data and dump it out to the client data stream; hobbit runs it via sudo. I'm also looking at logfetch.c, the hobbit program that does the process. I can see Henrik has thought about this, because the code to get and drop root permissions is present - bracketed by ifdefs for 'BIG_SECURITY_HOLE'.
I need to satisfy myself about the logfetch code, and then I think a recompile may be in order.
(Complicating the issue, AIX does not have a 'stat' command, and the 'istat' command does not give similar output).
Tom
-----Original Message-----
From: Rolf Schrittenlocher [mailto:user-ea9d95bffcf0@xymon.invalid]
Sent: Friday, September 12, 2008 1:47 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] need help checking a file status
Hi Tom,
what about a cronjob copying the file every minute and changing the
rights of the copy? Then you may monitor the copy.
Rolf
We had an 'event' earlier in the week where a file ended as
zero-length, so I want to monitor it with hobbit.
Unfortunately, it is mode 600 owned by root, in a directory mode 600
owned by root.
I'd like to report this under the 'files' column, but I'd rather not
do logfetch as suid rot.
Has anyone had luck using the file:command interface to use sudo?
Any other suggestions?
TIA
Tom Kauffman
--
Mit freundlichen Gruessen
Rolf Schrittenlocher
Bitte beachten Sie die neue Emailadresse!
HeBIS-IT, Senckenberganlage 31, 60054 Frankfurt
Tel: (XX) XX - XXX XXXXX Fax: (XX) XX XXX XXXXX
LBS: user-1e39a1813094@xymon.invalid
Persoenlich: user-ea9d95bffcf0@xymon.invalid