added ipv6 adress
parent
ce35181bc6
commit
7f552b7e8a
75
main.c
75
main.c
@ -9,6 +9,7 @@
|
||||
|
||||
#define HOSTNAME "lalis"
|
||||
|
||||
//test if pid is in lsit of known sshd processus
|
||||
int isinarray( int pid, int array[], int n )
|
||||
{
|
||||
//if (n == 0) return 0;
|
||||
@ -22,23 +23,60 @@ int isinarray( int pid, int array[], int n )
|
||||
} return 0;
|
||||
}
|
||||
|
||||
void getutmp( int pid, char user[], char host_ip[], time_t * time )
|
||||
//get utmp datas
|
||||
void getutmp( int pid, char user[], char host_ip[], char host_ipv6[], time_t * time )
|
||||
{
|
||||
struct utmp * utmp;
|
||||
short int ipv6_1;
|
||||
short int ipv6_2;
|
||||
short int ipv4;
|
||||
int x;
|
||||
char str[6];
|
||||
|
||||
setutent();
|
||||
while ( (utmp = getutent()) != NULL )
|
||||
{
|
||||
if ( utmp->ut_pid == pid )
|
||||
{
|
||||
sprintf(user, "%s", utmp->ut_user);
|
||||
sprintf(host_ip, "%s", utmp->ut_host);
|
||||
*time = (time_t) utmp->ut_tv.tv_sec;
|
||||
sprintf(user, "%s", utmp->ut_user); //got user login
|
||||
sprintf(host_ip, "%s", utmp->ut_host); //got ip of origin
|
||||
if((utmp->ut_addr_v6[1] && utmp->ut_addr_v6[2] && utmp->ut_addr_v6[3]) == 0)
|
||||
{
|
||||
ipv4 = utmp->ut_addr_v6[0] & 0x000000ff;
|
||||
sprintf( str, "%x.", ipv4);
|
||||
strcat(host_ip, str);
|
||||
ipv4 = utmp->ut_addr_v6[0] & 0x0000ff00;
|
||||
sprintf( str, "%x.", ipv4);
|
||||
strcat(host_ip, str);
|
||||
ipv4 = utmp->ut_addr_v6[0] & 0x00ff0000;
|
||||
sprintf( str, "%x.", ipv4);
|
||||
strcat(host_ip, str);
|
||||
ipv4 = utmp->ut_addr_v6[0] & 0xff000000;
|
||||
sprintf( str, "%x", ipv4);
|
||||
strcat(host_ip, str);
|
||||
|
||||
}else
|
||||
{
|
||||
for (x=0;x<4;x++)
|
||||
{
|
||||
|
||||
ipv6_1 = utmp->ut_addr_v6[x] & 0xffff0000;
|
||||
sprintf( str, "%x:", ipv6_1);
|
||||
strcat(host_ipv6, str);
|
||||
ipv6_2 = utmp->ut_addr_v6[x] & 0x0000ffff;
|
||||
sprintf( str, "%x:", ipv6_1);
|
||||
strcat(host_ipv6, str);
|
||||
}
|
||||
host_ipv6[strlen(host_ipv6)-1] = '\0';
|
||||
}
|
||||
*time = (time_t) utmp->ut_tv.tv_sec; //got connexion time
|
||||
break;
|
||||
}
|
||||
}
|
||||
endutent();
|
||||
}
|
||||
|
||||
//replace null characters by space
|
||||
int null2space( char str[] )
|
||||
{
|
||||
int flag =0;
|
||||
@ -61,6 +99,7 @@ int null2space( char str[] )
|
||||
return x-1 ;
|
||||
}
|
||||
|
||||
// get the childs pids
|
||||
int getpids(int pid, int exploded[])
|
||||
{
|
||||
FILE *fh;
|
||||
@ -94,28 +133,29 @@ int getpids(int pid, int exploded[])
|
||||
}
|
||||
}
|
||||
|
||||
int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip[], char date[] )
|
||||
int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip[], char host_ipv6[], char date[] )
|
||||
{
|
||||
FILE *fh1;
|
||||
char child_path[128];
|
||||
char str[1024];
|
||||
// char * pch;
|
||||
int child_pid[10];
|
||||
int flag = 0;
|
||||
int r;
|
||||
// int x = 0;
|
||||
int pid = ppid;
|
||||
int level = 0;
|
||||
int retval = 0;
|
||||
time_t timet=0;
|
||||
|
||||
getutmp( pid, user, host_ip, &timet );
|
||||
//get connexion time
|
||||
getutmp( pid, user, host_ip, host_ipv6, &timet );
|
||||
if ( timet == 0)
|
||||
{
|
||||
time( &timet );
|
||||
}
|
||||
sprintf( date, "%s", ctime(&timet) );
|
||||
date[strlen(date)-1] = 0;
|
||||
|
||||
//get the pid of the last processus
|
||||
while ( flag == 0)
|
||||
{
|
||||
r = getpids( pid, child_pid );
|
||||
@ -132,6 +172,8 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip
|
||||
flag = 1;
|
||||
}
|
||||
}
|
||||
|
||||
// get the command parameters
|
||||
sprintf( child_path, "/proc/%d/cmdline", pid );
|
||||
if ( (fh1= fopen( child_path, "r" )) == NULL)
|
||||
{
|
||||
@ -143,6 +185,7 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip
|
||||
null2space( str );
|
||||
sprintf(cmdline, "%s", str);
|
||||
fclose(fh1);
|
||||
// get the command name
|
||||
sprintf( child_path, "/proc/%d/comm", pid );
|
||||
if ( (fh1= fopen(child_path, "r" )) == NULL)
|
||||
{
|
||||
@ -151,19 +194,6 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip
|
||||
}
|
||||
fscanf( fh1, "%s", cmd );
|
||||
fclose(fh1);
|
||||
/*sprintf( child_path, "/proc/%d/environ", pid );
|
||||
if ( (fh1= fopen(child_path, "r" )) == NULL)
|
||||
{
|
||||
perror(child_path);
|
||||
return 5;
|
||||
}
|
||||
fgets( str, 1024, fh1);
|
||||
fclose(fh1);
|
||||
null2space( str );
|
||||
if ( (pos = strstr( str, "USER=")) != NULL)
|
||||
{
|
||||
sscanf( pos+5, "%s", user);
|
||||
}*/
|
||||
return retval;
|
||||
}
|
||||
|
||||
@ -193,6 +223,7 @@ int main()
|
||||
char cmdline[1000];
|
||||
char user[24]="";
|
||||
char host_ip[42];
|
||||
char host_ipv6[42];
|
||||
char str[1024];
|
||||
char date[60];
|
||||
time_t now ;
|
||||
@ -243,7 +274,7 @@ int main()
|
||||
if( r == 0 )
|
||||
{
|
||||
user[0]='\0';
|
||||
rinfo = getprocinfo( pid, cmdline, cmd, user, host_ip, date );
|
||||
rinfo = getprocinfo( pid, cmdline, cmd, user, host_ip, host_ipv6, date );
|
||||
if( rinfo == 0 )
|
||||
{
|
||||
x++;
|
||||
|
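Review bot: In getutmp the new address formatting can write past `char str[6]`: `ipv4` is a `short` that receives an unshifted mask such as `ut_addr_v6[0] & 0x0000ff00`, so with a 16-bit short a value with the top bit set is sign-extended by `%x` to eight hex digits plus the separator, while the remaining masks truncate to 0 and the second IPv6 `sprintf` prints `ipv6_1` instead of `ipv6_2`. The test `(ut_addr_v6[1] && ut_addr_v6[2] && ut_addr_v6[3]) == 0` is true as soon as any one word is zero, so an IPv6 peer with a zero word takes the IPv4 branch. `strcat(host_ipv6, …)` appends to a buffer that main declares as `char host_ipv6[42];` with no initializer in the visible hunk, and the unbounded `sprintf(host_ip, "%s", utmp->ut_host)` copies a field that glibc declares much larger than 42 bytes and whose content comes from the remote login record. I would let `inet_ntop` do the formatting with explicit sizes, as sketched below; it needs `<arpa/inet.h>`, and the sizes 24 and 42 are taken from main's declarations, so passing them as parameters would be cleaner.

```c
void getutmp( int pid, char user[], char host_ip[], char host_ipv6[], time_t * time )
// … unchanged: setutent(), getutent() loop, ut_pid match …
// (locals ipv4, ipv6_1, ipv6_2, x and str are no longer needed)
            // ut_user / ut_host are fixed-width and may lack a terminating NUL;
            // 24 and 42 are the buffer sizes declared in main()
            snprintf(user, 24, "%.*s", (int) sizeof utmp->ut_user, utmp->ut_user);
            snprintf(host_ip, 42, "%.*s", (int) sizeof utmp->ut_host, utmp->ut_host);
            host_ipv6[0] = '\0';
            if (utmp->ut_addr_v6[1] == 0 && utmp->ut_addr_v6[2] == 0 && utmp->ut_addr_v6[3] == 0)
            {
                // the original appended the address to ut_host; confirm whether
                // replacing the host name like this is what is wanted
                if (utmp->ut_addr_v6[0] != 0
                    && inet_ntop(AF_INET, &utmp->ut_addr_v6[0], host_ip, 42) == NULL)
                    host_ip[0] = '\0';
            }else
            {
                if (inet_ntop(AF_INET6, utmp->ut_addr_v6, host_ipv6, 42) == NULL)
                    host_ipv6[0] = '\0';
            }
// … unchanged: *time assignment, break, endutent() …
```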