Executing scripts using filters
EELS can be configured to filter incoming messages and
to execute a script or command whenever a match is made.
NOTE:
Currently the script or command is executed as root.
In future releases of EELS, the user parameter
(described below) will be implemented and the UID that
the script or command is run as will be selectable.
Using this feature, you could configure EELS
to email you whenever a failed attempt to telnet
into your system is made. First, you would add new
execute-script and filter
parameter blocks to /etc/default/eels, as follows:
- Log in as root.
- Add the following lines to the bottom of
/etc/default/eels:
execute-script example_mailer {
script /etc/eels/scripts/ex_mailer.sh;
user root;
filter ex_mailer_filter;
}
filter ex_mailer_filter {
include " OriginatorServiceName == 'telnetd' &&
EventSpecificInformation == 'Unable to invoke login '";
}
NOTE:
The execute-script block specifies that the script
/etc/eels/scripts/ex_mailer.sh must be executed whenever
the conditions in the filter block ``ex_mailer_filter''
are satisfied. The filter block specifies that, for the script to be executed, the
field ``OriginatorServiceName'' must be equal to ``telnetd''
and ``EventSpecificInformation'' must contain the substring
``Unable to invoke login''.
- Save /etc/default/eels.
Next, you could create the script you referenced in
the execute-script block.
- Log in as root.
- Create /etc/eels/scripts/ex_mailer.sh and add
the following lines to the new file:
#!/bin/sh
# Mail the administrator; run by EELS when ex_mailer_filter matches.
echo "A telnet session was aborted on: `date`"|mailx \
-s "A possible telnet problem occurred on: `uname -n`" \
AnAdministrator@A_Node.com
- Save /etc/eels/scripts/ex_mailer.sh.
- Ensure the script has the correct permissions by entering the following command:
chmod 755 /etc/eels/scripts/ex_mailer.sh
- To activate your changes, stop and restart EELS by
entering the following commands:
/etc/init.d/eelsrc stop
/etc/init.d/eelsrc start
The changes are now active. If a telnet session
is aborted before a successful login is made on your system,
a warning message is emailed to AnAdministrator@A_Node.com.
To test that this works:
- Log in as root.
- Use telnet to connect to the localhost:
telnet localhost
- Press <Ctrl>D to exit the telnet session. Doing this generates
the message you need to trigger the script.
The warning email message will be sent immediately. Usually you should
receive the message within a couple of minutes.
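Because the script is currently executed as root, anyone who can modify it, or replace it in its directory, can run commands as root. The following sh functions are an added example, not part of the EELS documentation: they list the script paths named in execute-script blocks and report any script or containing directory that is not owned by the expected UID or is writable by group or other. The function names are hypothetical, and script paths are assumed to contain no whitespace.

```sh
#!/bin/sh
# Added example, not part of EELS. Function names are hypothetical.
# Assumes script paths contain no whitespace.

# Print the path from each "script <path>;" line found inside an
# execute-script block of the configuration file $1.
eels_script_paths() {
    awk '
        $1 == "execute-script"     { in_block = 1; next }
        in_block && $1 == "script" { sub(/;$/, "", $2); print $2 }
        in_block && $1 == "}"      { in_block = 0 }
    ' "$1"
}

# Print script $1 and/or its directory when either is not owned by
# UID $2 (default 0, root) or is writable by group or other.
# Returns 1 if anything was printed or the script is missing.
eels_unsafe_paths() {
    owner=${2:-0}
    if [ ! -f "$1" ]; then
        echo "$1 (missing)"
        return 1
    fi
    bad=$(find "$1" "$(dirname "$1")" -prune \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Audit every script referenced by configuration file $1.
eels_audit() {
    rc=0
    for s in $(eels_script_paths "$1"); do
        eels_unsafe_paths "$s" "${2:-0}" || rc=1
    done
    return $rc
}

# Run against the live configuration when it is present.
if [ -r /etc/default/eels ]; then
    eels_audit /etc/default/eels || echo "Review the paths listed above." >&2
fi
```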
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004