From 7f552b7e8afc5e63bee8a53847e591bc34835cf0 Mon Sep 17 00:00:00 2001
From: Daniel Tartavel
Date: Fri, 8 May 2020 02:16:35 +0200
Subject: [PATCH] added ipv6 adress
---
main.c | 75 +++++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 53 insertions(+), 22 deletions(-)
diff --git a/main.c b/main.c
index a17a9ba..7ab5b36 100644
--- a/main.c
+++ b/main.c
@@ -9,6 +9,7 @@ #define HOSTNAME "lalis" +//test if pid is in lsit of known sshd processus int isinarray( int pid, int array[], int n ) { //if (n == 0) return 0; 
@@ -22,23 +23,60 @@ int isinarray( int pid, int array[], int n ) } return 0; } -void getutmp( int pid, char user[], char host_ip[], time_t * time ) +//get utmp datas +void getutmp( int pid, char user[], char host_ip[], char host_ipv6[], time_t * time ) { struct utmp * utmp; + short int ipv6_1; + short int ipv6_2; + short int ipv4; + int x; + char str[6]; + setutent(); while ( (utmp = getutent()) != NULL ) { if ( utmp->ut_pid == pid ) { - sprintf(user, "%s", utmp->ut_user); - sprintf(host_ip, "%s", utmp->ut_host); - *time = (time_t) utmp->ut_tv.tv_sec; + sprintf(user, "%s", utmp->ut_user); //got user login + sprintf(host_ip, "%s", utmp->ut_host); //got ip of origin + if((utmp->ut_addr_v6[1] && utmp->ut_addr_v6[2] && utmp->ut_addr_v6[3]) == 0) + { + ipv4 = utmp->ut_addr_v6[0] & 0x000000ff; + sprintf( str, "%x.", ipv4); + strcat(host_ip, str); + ipv4 = utmp->ut_addr_v6[0] & 0x0000ff00; + sprintf( str, "%x.", ipv4); + strcat(host_ip, str); + ipv4 = utmp->ut_addr_v6[0] & 0x00ff0000; + sprintf( str, "%x.", ipv4); + strcat(host_ip, str); + ipv4 = utmp->ut_addr_v6[0] & 0xff000000; + sprintf( str, "%x", ipv4); + strcat(host_ip, str); + + }else + { + for (x=0;x<4;x++) + { + + ipv6_1 = utmp->ut_addr_v6[x] & 0xffff0000; + sprintf( str, "%x:", ipv6_1); + strcat(host_ipv6, str); + ipv6_2 = utmp->ut_addr_v6[x] & 0x0000ffff; + sprintf( str, "%x:", ipv6_1); + strcat(host_ipv6, str); + } + host_ipv6[strlen(host_ipv6)-1] = '\0'; + } + *time = (time_t) utmp->ut_tv.tv_sec; //got connexion time break; } } endutent(); } +//replace null characters by space int null2space( char str[] ) { int flag =0; @@ -61,6 +99,7 @@ int null2space( char str[] ) return x-1 ; } +// get the childs pids int getpids(int pid, int exploded[]) { FILE *fh; 
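Review bot: In getutmp's new IPv4/IPv6 branches the masked words are stored in `short` variables without a right shift, so a value such as `utmp->ut_addr_v6[0] & 0x0000ff00` can go negative and `sprintf( str, "%x.", ipv4)` then emits eight hex digits plus the dot into `char str[6]`, past its end on common ABIs. The branch test `(a && b && c) == 0` is also true when any one of the three words is zero, so IPv6 records with a zero word take the IPv4 path, and the IPv6 path prints `ipv6_1` twice while `ipv6_2` is never used. These fields describe the remote peer of a login session, so I would let `inet_ntop()` do the conversion into a bounded destination as sketched below (this assumes the words hold the raw address bytes in network order); the literal 42 only mirrors the arrays main() declares, and the size is better passed down through getprocinfo. The retained `sprintf(user, …)` and `sprintf(host_ip, …)` copies of `ut_user` and `ut_host` are unbounded in the same way.

```c
            // … unchanged: user and ut_host copies …
            if ( utmp->ut_addr_v6[1] == 0 && utmp->ut_addr_v6[2] == 0 && utmp->ut_addr_v6[3] == 0 )
            {
                // IPv4 uses only word 0 (all four words zero means no address recorded).
                // This overwrites the ut_host text copied above; the patch appended
                // to it with no separator.
                if ( utmp->ut_addr_v6[0] != 0
                     && inet_ntop( AF_INET, utmp->ut_addr_v6, host_ip, 42 ) == NULL )
                    host_ip[0] = '\0';
            }
            else
            {
                // 42 = size of host_ipv6 in main(); inet_ntop fails instead of overflowing
                if ( inet_ntop( AF_INET6, utmp->ut_addr_v6, host_ipv6, 42 ) == NULL )
                    host_ipv6[0] = '\0';
            }
            // … unchanged: *time assignment, break, end of loop, endutent() …
```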
@@ -94,28 +133,29 @@ int getpids(int pid, int exploded[]) } } -int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip[], char date[] ) +int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip[], char host_ipv6[], char date[] ) { FILE *fh1; char child_path[128]; char str[1024]; -// char * pch; int child_pid[10]; int flag = 0; int r; -// int x = 0; int pid = ppid; int level = 0; int retval = 0; time_t timet=0; - getutmp( pid, user, host_ip, &timet ); + //get connexion time + getutmp( pid, user, host_ip, host_ipv6, &timet ); if ( timet == 0) { time( &timet ); } sprintf( date, "%s", ctime(&timet) ); date[strlen(date)-1] = 0; + + //get the pid of the last processus while ( flag == 0) { r = getpids( pid, child_pid ); @@ -132,6 +172,8 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip flag = 1; } } + + // get the command parameters sprintf( child_path, "/proc/%d/cmdline", pid ); if ( (fh1= fopen( child_path, "r" )) == NULL) { @@ -143,6 +185,7 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip null2space( str ); sprintf(cmdline, "%s", str); fclose(fh1); + // get the command name sprintf( child_path, "/proc/%d/comm", pid ); if ( (fh1= fopen(child_path, "r" )) == NULL) { @@ -151,19 +194,6 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip } fscanf( fh1, "%s", cmd ); fclose(fh1); - /*sprintf( child_path, "/proc/%d/environ", pid ); - if ( (fh1= fopen(child_path, "r" )) == NULL) - { - perror(child_path); - return 5; - } - fgets( str, 1024, fh1); - fclose(fh1); - null2space( str ); - if ( (pos = strstr( str, "USER=")) != NULL) - { - sscanf( pos+5, "%s", user); - }*/ return retval; } @@ -193,6 +223,7 @@ int main() char cmdline[1000]; char user[24]=""; char host_ip[42]; + char host_ipv6[42]; char str[1024]; char date[60]; time_t now ; 
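Review bot: The added `char host_ipv6[42];` in main() (hunk -193,6) is left uninitialised, while getutmp only ever `strcat`s onto it and does not touch it at all for IPv4 sessions, so the append starts from indeterminate bytes and any later use of the buffer reads them. It is also shorter than the longest textual IPv6 form; `char host_ipv6[INET6_ADDRSTRLEN] = "";` with `<netinet/in.h>` covers both points. getprocinfo's new `host_ipv6[]` parameter in the first hunk on this line carries no length, so the callee cannot bound its writes. main()'s body continues outside the hunk.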
@@ -243,7 +274,7 @@ int main() if( r == 0 ) { user[0]='\0'; - rinfo = getprocinfo( pid, cmdline, cmd, user, host_ip, date ); + rinfo = getprocinfo( pid, cmdline, cmd, user, host_ip, host_ipv6, date ); if( rinfo == 0 ) { x++;
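Review bot: Only `user` is cleared before the call to getprocinfo; `host_ip` and `host_ipv6` keep whatever an earlier call left in them, and getutmp appends to `host_ipv6` with `strcat`, so if this runs once per sshd process (the `x++` suggests a loop, whose body lies outside the hunk) addresses can accumulate or be attributed to the wrong session. I would add `host_ip[0] = '\0'; host_ipv6[0] = '\0';` next to `user[0]='\0';`.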