[ale] [OT] DHCPd + nmap?

Jonathan Glass jonathan.glass at ibb.gatech.edu
Tue Dec 2 00:01:18 EST 2003


Having read parts of a book on Perl, and corresponding with ALErs, I have
the following working rough outline for real-time monitoring of DHCP logs.
 :)
Thanks to all who helped!

Jonathan Glass

#!/usr/bin/perl
use IO::Handle;

pipe(PARENTREAD, PARENTWRITE) or die "pipe: $!";
pipe(CHILDREAD, CHILDWRITE) or die "pipe: $!";
PARENTWRITE->autoflush(1);
CHILDWRITE->autoflush(1);

$child = fork;
die "fork: $!" unless defined $child;

if ($child) # Parent Code
{
    close CHILDREAD;
    close PARENTWRITE;
    print CHILDWRITE "Test\n";
    # Each line the child sends is one raw DHCPACK log entry
    while ($result = <PARENTREAD>) {
        chomp $result;
        print "Got a value of $result from child\n";
# $result is raw data
# use regular expression to extract IP address
# Use IP address to nmap scan the box for open ports (sub-process)
#    $jbscanresult = system("/usr/bin/nmap", "-sS", $ip_address);
#    print $jbscanresult;
    }
    close PARENTREAD;
    close CHILDWRITE;
    waitpid($child, 0);
}
else
{
    close PARENTREAD; # we don't need this in the child
    close CHILDWRITE;
    chomp($calculation = <CHILDREAD>);
    # system() returns only an exit status and tail -f never exits, so
    # read tail's output through a pipe and forward the DHCPACK lines
    open($tail, "-|", "tail", "-f", "/var/log/messages") or die "tail: $!";
    while ($line = <$tail>) {
        print PARENTWRITE $line if $line =~ /DHCPACK/;
    }
    close $tail;
    close CHILDREAD;
    close PARENTWRITE;
    exit;
}


> On Monday 01 December 2003 03:15 pm, Jeff Hubbs wrote:
>> There's no shame in synthesizing something from reliable, well-known,
>> and widely-used components.
>
> Wow.  You make it sound so ... good!
>
> It's all part of the DRY principle (Don't Repeat Yourself), I guess.
>
> Thanks,
>
> Michael
>
>> On Mon, 2003-12-01 at 15:12, Michael D. Hirsch wrote:
>> > On Monday 01 December 2003 01:45 pm, Jonathan Glass wrote:
>> > > Anyone tied nmap together with dhcpd? I'd like to nmap scan a box
>> > > whenever they accept an address from my DHCP server.
>> > >
>> > > What I'm unclear about is how to monitor the dhcpd logs in real-time.
>> > > I can tail the file periodically, then scan, but would prefer to do the
>> > > scan as soon as they receive an address.
>> >
>> > I have written scripts to do this.  The quickest way I found was to run
>> > tail -f logfile and pipe the output to some other script.  Both perl and
>> > python make it really easy to run a subprocess like that and get its
>> > output.
>> >
>> > I used to be embarrassed by having done that, but I've since become
>> > convinced that the author of tail did all the hard work.  If I were to
>> > reimplement it, how would I be better for it?
>> >
>> > Michael
>> >
>> > _______________________________________________
>> > Ale mailing list
>> > Ale at ale.org
>> > http://www.ale.org/mailman/listinfo/ale


-- 
Jonathan Glass
Systems Support Specialist II
IBB/GTEC
Office: 404-385-0127
Cell: 404-444-4086
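
The two steps left as comments in the outline above (pull the leased address out of a DHCPACK line, then hand it to nmap), as an added example in Python that is not part of the original post. It assumes ISC dhcpd's syslog line format; the 192.168.1.0/24 lease range, the one-hour rescan interval, the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Matched on dhcpd's own message text (leftmost match wins), so the
# client-supplied hostname in parentheses is never read as the address.
ACK_RE = re.compile(r"dhcpd(?:\[\d+\])?: DHCPACK on (\S+) to ([0-9a-f:]{17})\b")
LEASE_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed DHCP range
RESCAN_AFTER = 3600  # assumed; lease renewals also log DHCPACK


def leased_ip(line):
    """Return the leased IPv4Address from a DHCPACK line, or None."""
    m = ACK_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group(1))
    except ValueError:
        return None
    return ip if ip in LEASE_NET else None


def plan_scans(timed_lines, last_scan=None):
    """Map (epoch_seconds, log_line) pairs to nmap argv lists to run."""
    last_scan = {} if last_scan is None else last_scan
    commands = []
    for now, line in timed_lines:
        ip = leased_ip(line)
        if ip is None:
            continue
        if now - last_scan.get(ip, -RESCAN_AFTER) < RESCAN_AFTER:
            continue  # renewal of a lease that was scanned recently
        last_scan[ip] = now
        # argv list for subprocess.run(): no shell sees log-derived text
        commands.append(["/usr/bin/nmap", "-sS", str(ip)])
    return commands


# Constructed sample lines, paired with constructed timestamps
SAMPLE = [
    (0, "Dec  1 13:45:02 gw dhcpd: DHCPACK on 192.168.1.50 to 00:0c:29:ab:cd:ef (lab-pc) via eth0"),
    (5, "Dec  1 13:45:07 gw dhcpd: DHCPACK on 192.168.1.51 to 00:0c:29:11:22:33 (10.9.9.9) via eth0"),
    (900, "Dec  1 14:00:02 gw dhcpd: DHCPACK on 192.168.1.50 to 00:0c:29:ab:cd:ef (lab-pc) via eth0"),
    (905, "Dec  1 14:00:07 gw dhcpd: DHCPACK on 999.1.1.1 to 00:0c:29:44:55:66 via eth0"),
    (4000, "Dec  1 14:51:42 gw dhcpd: DHCPACK on 192.168.1.50 to 00:0c:29:ab:cd:ef (lab-pc) via eth0"),
]

if __name__ == "__main__":
    for argv in plan_scans(SAMPLE):
        print(" ".join(argv))
```

In a live setup the lines would come from the `tail -f` pipe and each returned list would be passed to `subprocess.run()` unchanged.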


