Now that I’ve figured out TinyHTTPProxy, have login notifications posting to Statusnet, and can use incron to monitor files, let’s pull that all together to let me (and my users) know when the TinyHTTPProxy is in use and who’s using it. Remember only one user can use it at a time, so instead of trying to log in and wondering what the issue is, they can check Statusnet to see if it’s currently in use.
Since everything else is pretty much all set up, let me create a little script in ~/bin to take care of the Statusnet posting. I’ll call it proxy-use.
curl -u security:pass http://myserver/statusnet/api/statuses/update.xml -d status=”TinyHTTPProxy.py has been accessed on `date`”
I created a statusnet user named security to handle this notice as well as the ssh login notices. Remember that’s in /etc/bashrc:
curl -u security:pass http://myserver/statusnet/api/statuses/update.xml -d status=”`whoami` has logged into `hostname` on `date`” >/dev/null 2>&1
So now all I need to do is add my incrontab entry.
/usr/local/bin/TinyHTTPProxy.py IN_ACCESS,IN_NO_LOOP proxy-use >/dev/null 2>&1
You might have to put the full path of the proxy-use script.
Now when a user logs in and uses the proxy:
ssh -L localhost:8000:localhost:8000 -t user@myserver TinyHTTPProxy.py
That sources the .bashrc, firing off a login notice to Statusnet. It also accesses the TinyHTTPProxy.py file, firing off another notice. Make sure to use IN_NO_LOOP in the incrontab entry, otherwise it fires off like 4 notices in a row.
So now you can check Statusnet and see that a user logged in and another notice directly after that reporting TinyHTTPProxy.py has been accessed. When the user is finished with the proxy and kills the ssh session, that sends a final notice that TinyHTTPProxy.py has been accessed. So by looking at the username of the ssh notice and the timestamps of the first proxy notice and the second, you can see who used the proxy and for how long. If you only see one proxy notice after the ssh login notification, then you’ll know who’s currently using it.
Again, something like this is really only appropriate for small servers with just a few users.