This is the C program (hare
) and the Python daemon (hared
) for this story.
hare is a small utility which is installed in a PAM configuration (e.g. for sshd
) in order to log when a successful login is attempted, e.g. to alert on machines which are seldom visited or otherwise monitored.
hare transmits a JSON string over a UDP datagram. The JSON looks like this:
{
"tty": "tty1",
"service": "login",
"hostname": "zabb01",
"user": "jjolie",
"tst": 1522154553,
"rhost": "<unknown>",
"remote" : "10.0.12.1"
}
The values for user
, rhost
, tty
, and service
are set from PAM from their PAM_
equivalents, and hostname
will contain the gethostname(3) result as determined by hare. remote
is the IP address of the hare client as seen by hared.
Python hared
is also installable via https://pypi.python.org/pypi/hared/