Tracking/Recording all users that log in especially Active Directory users

[videopuppy]

Hello, I believe this is my first post here. I’ve been trying to get a script to work that uses “whoami” and sends the results to a text file. The script works and writes to the file, but when an AD person logs in it seems spotty and usually records root instead of the actual user.

Does anyone know of a log file that alreadys records all of this or any ideas of how best to record this information?

Thanks
David

[sketch]

when is the script running and how is it running? Is it running fron a loginhook? Login scripts run as the root user, so that might be why you’re gettin that. Use the $USER or $1 variable instead.

We use a php script that passes the info along to a database and is web viewable. Sadly I didn’t make the system or have access to the code so all I have is the client piece, but it might help you:
—————————————————
1 ? $mode = $argv[1] : exit();

$argc > 2 ? $username = $argv[2] : $username = $_SERVER[‘USER’];

$nodename = str_replace(“\n”, “”, str_replace(“\r”, “”, `scutil –get LocalHostName`));
$ipAddress = str_replace(“\n”, “”, str_replace(“\r”, “”, `ipconfig getifaddr en0`));

$host = “www.college.edu”;
$path = “/itservices/mac_scripts/UserTracking.aspx”;

$data = “username=$username”;
$data .= “&nodename=$nodename”;
$data .= “&mode=$mode”;
$data .= “&verify=” . SHA1($ipAddress);

$out = “POST $path HTTP/1.0\r\n”;
$out .= “Host: $host\r\n”;
$out .= “User-Agent: UserTrackingScript\r\n”;
$out .= “Content-type: application/x-www-form-urlencoded\r\n”;
$out .= “Content-length: ” . strlen($data) . “\r\n”;
$out .= “Connection: close\r\n\r\n”;
$out .= $data;

$conn = fsockopen($host, 80, $errno, $errstr, 3);

if ($conn)
{
fwrite($conn, $out);
fclose($conn);
}

?>

[Author]

Posts