Get process owner via SNMP - snmp

In the context of system monitoring, I need to determine which user is running a certain process on a remote machine.
As the host may be running Linux, Windows or Solaris it was decided to achieve this through SNMP queries.
The information I have so far is:
The process IDs can be queried from the OID 1.3.6.1.2.1.25.4.2.1.1,
the corresponding process names from the OID 1.3.6.1.2.1.25.4.2.1.2.
Is it possible to use this information to determine which user is running a process with some given ID?
Thanks in advance for your help.

While searching for a MIB that supports the required functionality, I came across NET-SNMP-EXTEND-MIB.
This MIB allows extending SNMP to execute scripts.
Following this guide allowed me to retrieve process owners by process name or PID, respectively, on Linux.
However, for Windows I have not yet found a solution.
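An added example, not part of the original post and not the guide it refers to: a script of the kind NET-SNMP-EXTEND-MIB can run, listing the owner of every Linux process from /proc. The script name, its install path and the extend label are assumptions. Because snmpd runs it with the agent's privileges, it takes no input from the network and accepts only numeric PIDs.

```python
#!/usr/bin/env python3
"""Print "pid owner command" for every Linux process visible in /proc.

Assumed wiring in snmpd.conf (label and path are hypothetical):
    extend procowner /usr/local/bin/procowner.py
The output lines then appear under NET-SNMP-EXTEND-MIB::nsExtendOutLine.
"""
import os
import pwd
import re


def user_name(uid):
    """Map a numeric uid to a login name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def owner_of_pid(pid):
    """Return the owner of one process, or None if it does not exist."""
    if not re.fullmatch(r"[0-9]+", str(pid)):   # only a plain decimal PID
        raise ValueError("PID must be a decimal number")
    try:
        return user_name(os.stat(f"/proc/{pid}").st_uid)
    except FileNotFoundError:
        return None


def process_table():
    """Return sorted (pid, owner, command) tuples for all processes."""
    rows = []
    for entry in os.listdir("/proc"):
        if not entry.isdecimal():
            continue
        try:
            with open(f"/proc/{entry}/comm") as fh:
                comm = fh.read().strip()
            owner = owner_of_pid(entry)
        except OSError:                 # process exited while being read
            continue
        if owner is not None:
            rows.append((int(entry), owner, comm))
    return sorted(rows)


if __name__ == "__main__":
    for pid, owner, comm in process_table():
        print(pid, owner, comm)
```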

Related

How to monitor a device with SNMP

I've been given a task to write some code to notify administrators if the device sends a trap. Also I'd like to be able to check up on the device as well.
I'm not so sure where to begin. Is there a test server online where I can test if I set up the device correctly? (Whether it sends traps according to the condition I set?)
If I were to write code to monitor this device, I think I should learn how SNMP and MIB files work exactly. Is there a good summary and reference for me?
Is there some simple example code for SNMP?
Download any trial-based software to receive traps on your system, like LoriotProV6 or SolarWinds.
On a Windows-based system, open Run, start evntwin.exe and select your preferred options to generate traps like SNMP.
Here you need to check the Trapping column: only if it says "Yes", select it,
or else it won't mean anything.
Then click Add and run your SNMP services.
To run SNMP services, go to Control Panel -> Add/Remove -> Add/Remove Windows Components -> check Management & Monitoring, click on Details and check the SNMP & WMI options.
Now go to Control Panel -> Administrative Tools -> Services -> search for the SNMP service and start it.
You can consider 2 basic ways to check whether the device of interest is generating/sending out SNMP traps.
You can just run Wireshark on the device (if possible) or on the target server (where the traps are supposed to arrive). Then you can filter the traffic using the default SNMP ports. For example, it could be one of the following: 161, 162, 10161, 10162.
You can install a MIB browser on the target server and see if any traps arrive. There are a number of free applications available on the web.

Impersonating a user on Mac OS X

On Windows it is possible to have a service that allows clients running in a user context to connect to it using sockets or pipes, and then impersonate the connecting user in order to act on behalf of that user, for instance to access files that only the user has access to (or making sure that no other files are accessed).
What is the equivalent way of accomplishing this on Mac OS X (Linux is interesting too)? I would assume that the set*uid functions would be used for this in some way?
But how do I authenticate the user that I want to impersonate and get the uid to set when the user is connecting on a socket?
Also, the set*uid functions seem to affect the entire process, which makes them difficult to use in a multithreaded daemon. Is there a different commonly used design pattern for this type of services on Mac OS X/Linux?
Edit:
pmjordan's answer seems to take care of the set*uid per-process-only issue, and the question How can I pass user credentials through a Unix-domain socket on Mac OS X? seems to take care of the actual authentication problem by using unix domain sockets instead of plain sockets.
For OS X specifics: have you looked at the Authentication, Authorization, and Permissions Guide for Mac OS X?
Generally, in UNIX-like operating systems, processes typically are owned by one specific user, and what they are permitted to do is determined primarily by this. There are some exceptions to this, but generally, the idea tends to be to do this on a per-process granularity. On the plus side, starting new processes is really easy - see the fork() function.
So a typical way for a daemon (such as sshd) to impersonate different users is to run the main process as root. Then, accept incoming connections and pass them off to fork()ed child processes, which, as you say, immediately drop privileges using set*uid. There are various inter-process communication channels, such as pipes, that you can set up if the child processes need to communicate with the parent process. Obviously, the less code runs as root, the better, from a security perspective, so you'll want to aim for the child processes to be autonomous.
If you need users to actually provide their username and password, things get a bit more complicated; you might want to look at the source code for the su and sudo utilities, and read the platform-specific documentation for authentication APIs.
from Technical Note TN2083 - Apple Developer
In some cases it is helpful to impersonate the user, at least as far as the permissions checking done by the BSD subsystem of the kernel. A single-threaded daemon can do this using seteuid and setegid. These set the effective user and group ID of the process as a whole. This will cause problems if your daemon is using multiple threads to handle requests from different users. In that case you can set the effective user and group ID of a thread using pthread_setugid_np. This was introduced in Mac OS X 10.4.
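The pattern from the answers above (identify the caller over a Unix-domain socket, then fork a child that drops to that user), as an added example that is not part of the original posts. It is Linux-specific: SO_PEERCRED is filled in by the kernel rather than by the client, whereas Mac OS X offers getpeereid() for the same purpose. The function names and the work callback are assumptions.

```python
import os
import socket
import struct


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end of a Unix socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("iII"))
    return struct.unpack("iII", raw)


def drop_privileges(uid, gid):
    """Permanently become uid/gid. Order matters: groups, then gid, then uid."""
    ids = (os.getuid(), os.geteuid(), os.getgid(), os.getegid())
    if ids == (uid, uid, gid, gid):
        return                      # already running as that user
    os.setgroups([])                # shed root's supplementary groups; use
                                    # os.initgroups(name, gid) for the user's own
    os.setgid(gid)
    os.setuid(uid)                  # last: the gid cannot be changed after this
    if os.getuid() != uid or os.geteuid() != uid:
        raise RuntimeError("privilege drop failed")


def serve_as_peer(conn, work):
    """Fork a child that runs work(conn) as the connecting user.

    Returns the child's exit code, or -1 if it was killed by a signal.
    """
    _pid, uid, gid = peer_credentials(conn)
    child = os.fork()
    if child == 0:
        status = 1                  # reported if the drop or work() raises
        try:
            drop_privileges(uid, gid)
            status = work(conn)
        finally:
            os._exit(status)        # never fall back into the parent's code
    _, wait_status = os.waitpid(child, 0)
    return os.WEXITSTATUS(wait_status) if os.WIFEXITED(wait_status) else -1
```

Only the accept loop and the fork stay privileged here; everything that touches the user's files runs in the child after the drop.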

Getting data from my program into snmpd

I guess I have missed the obvious, maybe, but I am lost for a good answer.
I am developing a stand alone program that will be running on a Linux (Ubuntu?) embedded PC inside a piece of hardware. I want it to be the "thing" SNMP talks to. Well, short of compiling in my own SNMD "daemon" code and persuading Linux to let a general user have access to port 161, I think I'll opt for Net-SNMP's snmpd. I am open to suggestions for better products to use. LGPL, BSD, MIT, licenses, please.
I am working separately on the MIB and assigning OIDs, etc. I know what vars I want to set and get, etc.
I have read and reread the stuff on making an SNMP/snmpd Agent and/or subagent. Near as I can tell, they are both compiled into snmp or linked to it as a shared library. Right?
So, how do I get that agent to talk to my separate program running in a separate general user session? Is there a direct technique to use? D-Bus? popen()? Named pipes? Shared memory? Temp files? UDP port? Something better? Or do I really want to turn my program into a .SO and let snmpd launch it? I assume at that point I'd be able to tell snmpd where to call in to me to get/set vars. Right?
Thanks!
The "AgentX" protocol is a way for arbitrary applications to supply SNMP services to a running system SNMP daemon. Your application listens on some port other than 161 (typically a library will take care of the details for you), and the system snmpd will forward requests for your OIDs to your subagent. This method doesn't involve linking any code into the system snmpd.
Often an easier way is to configure the system snmpd to run a script to get or set data. The script can, if you like, use some other kind of IPC to talk to your application (such as JSON to an HTTP server, for example).

WIN32 identifying process

I have a process that is created on a Windows machine (let's call it PRS). The number of them can vary. The processes are created by another process (Manager), which is defined as a service. The Manager gets instructions and reacts according to the request (for example creating a new PRS, stopping a PRS, etc.).
When creating (using the MANAGER) a few PRS applications, every one of them also gets a parameter of which ini file to create (every ini is unique and has an ID that represents it).
When creating 2 PRS processes (every one is passed a unique ini file), I can see them using the TASK-MANAGER with the same name.
My problem is that I need to write a script that gets the list of IDs that represent the processes and terminates them. I am writing it in JavaScript.
Is there a way of discovering, according to the ID that I gave as a parameter when I created the process, which one I need to terminate?
Thanks
You can't recognize the PID of a process according to the parameters you gave it. You can use another process for getting the PID of the process, or use files to hold that information.
Roman is right. Also, it's not good practice to terminate your process. Try to use interprocess communication. Here are some links:
msdn or codeproject or try google.

How to identify users which are connected to a windows server via remote desktop

At my workplace, we have lab machines that we use to do our testing.
The standard procedure to reserve a machine for testing was to walk around the office to make sure that no one was using the machine.
This is highly inefficient and time consuming.
At first, I set up a web page where people could reserve the lab machine but nobody was keeping the page updated so that turned up to be useless.
I finally found a solution using Microsoft log parser and wanted to share it to the stack overflow community.
It is a batch file that runs on the machine so the user can identify the last users that use the machine and easily IM them to ask if the machine is free.
Is there a better solution to do this?
Use the built-in command qwinsta (Query Win Station) to figure out what sessions (including console) are active or inactive (disconnected) and then act on the given information (creds to krusty.ar btw for linking this already).
If you feel people are abusing the machine in question, refer to rwinsta to nuke their sessions into oblivion...
You will need to install the Microsoft Log Parser
Then create the following 2 files
TSLoginsDetails.sql:

SELECT
    timegenerated,
    EXTRACT_TOKEN(Strings,1,'|') AS Domain,
    EXTRACT_TOKEN(Strings,0,'|') AS User,
    EXTRACT_TOKEN(Strings,3,'|') AS SessionName,
    EXTRACT_TOKEN(Strings,4,'|') AS ClientName,
    EXTRACT_TOKEN(Strings,5,'|') AS ClientAddress,
    EventID
FROM Security
WHERE EventID=682
ORDER BY timegenerated DESC

TSLogins.bat:

@echo off
cls
rem Switch to the Log Parser folder; TSLoginsDetails.sql is looked up in the current directory.
c:
cd "c:\Program Files\Log Parser 2.2\"
rem Run the query against the Security event log and show the result in a grid window.
logparser.exe file:TSLoginsDetails.sql -o:DATAGRID

Now by placing this batch file on the desktop, the user can see who were the last people to log in and contact them by IM to verify if they are done.
How about posting the information from the log file to the website that tells who is currently using the machine as well.
Check and notify when they log in.
Update the "who is using the machine" page you made prior.
Run an AT job that checks every couple of hours who is on it.
Totally out of the box:
You can install the Software Testing Automation Framework (STAF) on your servers and desktops to manage your tests. It's written in Java, so you can use it on Windows and Unix/Linux desktops and servers.
Using STAF, you can create a resource pool of test servers on which you conduct tests, then write STAX jobs (STAX is a STAF execution framework) to conduct the tests. The job can grab the first available server from the resource pool, run the test, monitor the test status, log results, notify the submitter, then release the server back into the pool when done. If you have multiple people submitting jobs for tests, STAF will manage the queue of requests and satisfy them as they came in. Users can either monitor the job from their desktop, or you can set up email alerts to notify them when the test is complete.
I'm not sure if I understand you, but there are a set of command line tools to deal with terminal server sessions, and there's also a Windows API to do the same if you need to do this from a program.
Since it sounds like you're a microsoft shop, you can set up the machines as resources in outlook/exchange and reserve them that way.
