Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: /tmp event logger

/tmp event logger

From: Michal Zalewski <lcamtuf_at_BOSS.STASZIC.WAW.PL>
Date: Sat, 14 Mar 1998 13:09:02 +0100

Due to excessive amount of /tmp races reported last months, here's
/tmp event logger. This simple and small program logs file activity
in given directory, giving clear, reusable, space-saving format
(including operation, filename, uid/gid, file type, permissions,
current time). It's very useful when you're looking for possible
vunerabilities, or trying to trace attacks. 

--
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <stdlib.h>
#include <dirent.h>
#include <time.h>
#define OPENED_MAX 5000
#define LAG 5
#define nopp(x) if (strlen(x)<5) nope='\t'; else nope=0;
int wannadies=-1,a;
char* opened[OPENED_MAX];
char present[OPENED_MAX],nope;
time_t costam;
int infect(struct dirent *s) {
  struct stat x;
  if (!(strcmp(s->d_name,"..")&&strcmp(s->d_name,"."))) return -1;
  for (a=0;a<=wannadies;a++) if (!strcmp(opened[a],s->d_name)) {
    present[a]=1;
    return -1;
  }
  strncpy((opened[++wannadies]=malloc(strlen(s->d_name)+1)),s->d_name,
          strlen(s->d_name)+1);
  present[wannadies]=1;
  if (wannadies>OPENED_MAX) {
    fprintf(stderr,"Out of file handlers, dying...\n");
    exit(-1);
  }
  stat(s->d_name,&x);
  time(&costam);
  nopp(s->d_name);
  printf("++ %s%c\t%6o\t%d\t%d\t%d\t%s",s->d_name,nope,x.st_mode,
        x.st_uid,x.st_gid,x.st_size,ctime(&costam));
  return -1;
}
int foo(struct dirent **a,struct dirent **b) {}
int main(int argc,char* argv[]) {
  struct dirent **x;
  int a;
  fprintf(stderr,"/tmp watcher 1.0 by <lcamtuf_at_staszic.waw.pl>\n");
  if (argc==2) if (chdir(argv[1])) {
    fprintf(stderr,"Can't change to given directory, dying.\n");
    return -1;
  } else fprintf(stderr,"Using %s.\n",argv[1]); else {
    fprintf(stderr,"No parameter given, using /tmp.\n");
    chdir("/tmp");
  }
  fprintf(stderr,"\nOP FILENAME\tTYPPRM\tUID\tGID\tSIZE\tTIME\n");
  while (1) {
    bzero(present,sizeof(present));
    scandir("/tmp",&x,infect,foo);
    for (a=0;a<=wannadies;a++) if (!present[a]) {
      time(&costam);
      nopp(opened[a]);
      printf("-- %s%c\t-\t-\t-\t-\t%s",opened[a],nope,ctime(&costam));
      free(opened[a]);
      present[a]=present[wannadies];
      if (a<wannadies) opened[a]=opened[wannadies--]; else wannadies--;
    }
    usleep(LAG);
  }
}
--
It isn't visual, multimedial, and it hasn't a lot of more or less
useful features. Feel free to modify it...
_______________________________________________________________________
Michał Zalewski [tel 9690] | finger 4 PGP [lcamtuf_at_boss.staszic.waw.pl]
Iterować jest rzeczą ludzką, wykonywać rekursywnie - boską [P. Deustch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
Received on Mar 15 1998
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos