
Auditing Apple Desktop login-logouts

Aim

Login and logout scripts have been packaged in a simple installer. They capture the information required for audit on Apple computers in labs around the University and upload it via PHP to a MySQL database.
This package is designed with ARD installation in mind; however, you may install it locally if required.

Installation / Implementation

Utas Lab Usage Auditor.pkg needs to be deployed and installed on each machine. This may be completed through ARD package deployment or via local installation.

  1. Download Utas Lab Usage Auditor.mpkg.zip (secure area, password required)
  2. Unzip
  3. Deploy Utas Lab Usage Auditor.mpkg via the Apple Remote Desktop ‘Install’ tool

    or

  4. Run the Utas Lab Usage Auditor.mpkg installer on each machine as required
  5. Log out of the machine(s). The audit triggers will activate on the following login.

Further Information

The information is gathered by two separate bash shell scripts installed on each client machine, triggered by the LaunchAgent process, and sent to the MySQL database via https://ranger.its.utas.edu.au/audit/audit.php. The components are:

  1. logintrack.sh
  2. logouttrack.sh
  3. auditor.app
  4. audit.php

logintrack.sh

Attached to the auditor Unix executable, the logintrack shell script is triggered at user login to capture the following data:

  • MAC Address
  • Date Stamp (inc time stamp)
  • Hostname (derived from hostname.conf)
  • IP Address
  • Trigger Mechanism (Login)
  • Username

logouttrack.sh

Attached to the auditor Unix executable, the logouttrack shell script is triggered at user logout to capture the following data:

  • MAC Address
  • Date Stamp (inc time stamp)
  • Hostname (derived from hostname.conf)
  • IP Address
  • Trigger Mechanism (Logout)
  • Username

auditor.app

This Unix executable monitors the triggers set by the LaunchAgent process and initiates either the logintrack or the logouttrack shell script.

audit.php

Information gathered from the above scripts is automatically uploaded to the MySQL server enabled on ranger.its. Information is parsed by a PHP script that provides consistency verification and adds the required information to the audit database.

Security is an important consideration and has been addressed via HTTPS and an ITR Signed Certificate Authority on the server front end.
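
The page does not show what the consistency verification in audit.php checks. The following is an added Python example of that kind of server-side check on the six submitted fields, not the project's own code; the field formats are assumptions inferred from the sample rows in the MySQL table on this page, and `validate_record`, `GOOD` and `BAD` are hypothetical names.

```python
import ipaddress
import re
from datetime import datetime

# Field formats are assumptions inferred from the sample rows on this page.
FIELDS = ("mac", "datestamp", "hostname", "ip", "action", "username")
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
PATTERNS = {
    "mac": re.compile(r"[0-9a-f]{12}"),              # 12 hex digits, no separators
    "datestamp": re.compile(r"[0-9]{8}\.[0-9]{6}"),  # YYYYMMDD.HHMMSS
    "hostname": re.compile(rf"(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*", re.I),
    "username": re.compile(r"[a-z_][a-z0-9_.-]{0,31}"),  # assumed short-name policy
}


def validate_record(record):
    """Return the names of the fields that fail; an empty list means accept."""
    missing = [f for f in FIELDS if not isinstance(record.get(f), str)]
    extra = sorted(set(record) - set(FIELDS))
    if missing or extra:
        return [f"missing: {missing}, unexpected: {extra}"]
    problems = [f for f, rx in PATTERNS.items() if not rx.fullmatch(record[f])]
    if "datestamp" not in problems:
        try:  # the regex checks shape; strptime rejects impossible dates and times
            datetime.strptime(record["datestamp"], "%Y%m%d.%H%M%S")
        except ValueError:
            problems.append("datestamp")
    try:
        ipaddress.IPv4Address(record["ip"])
    except ValueError:
        problems.append("ip")
    if record["action"] not in ("login", "logout"):
        problems.append("action")
    return sorted(problems)


# First row of the sample table on this page.
GOOD = {"mac": "001e52f29dec", "datestamp": "20080613.135347",
        "hostname": "ranger.its.utas.edu.au", "ip": "131.217.2.143",
        "action": "logout", "username": "root"}
# Constructed malformed submission: impossible date, bad address, SQL metacharacters.
BAD = dict(GOOD, datestamp="20080230.135347", ip="131.217.2.999",
           action="reboot", username="root' OR '1'='1")

if __name__ == "__main__":
    print(validate_record(GOOD))
    print(validate_record(BAD))
```

A check like this rejects malformed submissions early; it complements a parameterised INSERT on the server and does not replace it.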

 

MySQL Database

Sample data captured in the MySQL database hosted on ranger.its.utas.edu.au:

mysql> SELECT * FROM log;
+--------------+-----------------+--------------------------+---------------+--------+----------+
| mac          | datestamp       | hostname                 | ip            | action | username |
+--------------+-----------------+--------------------------+---------------+--------+----------+
| 001e52f29dec | 20080613.135347 | ranger.its.utas.edu.au   | 131.217.2.143 | logout | root     |
| 001e52f29dec | 20080613.135409 | ranger.its.utas.edu.au   | 131.217.2.143 | login  | root     |
| 0017f20c24b0 | 20080613.144920 | trivette.its.utas.edu.au | 131.217.5.230 | login  | wmh      |
| 0017f20c24b0 | 20080613.144938 | trivette.its.utas.edu.au | 131.217.5.230 | logout | wmh      |
| 001ff34e49d7 | 20080613.145757 | texas.its.utas.edu.au    | 131.217.5.15  | login  | wmh      |
| 001ff34e49d7 | 20080613.145808 | texas.its.utas.edu.au    | 131.217.5.15  | logout | wmh      |
+--------------+-----------------+--------------------------+---------------+--------+----------+