audit_tool.c

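    bcopy ( hostp->h_name, h_name_prev, i+1 );
    return ( hostp->h_name );
}

#ifdef audit_tool_X
/*
 * get_posn - modify siz_p and offset_p to reflect the referenced file.
 *   fd       : open descriptor of the file
 *   siz_p    : receives the file's current size (st_size)
 *   offset_p : receives fd's current offset as reported by tell()
 *              (the pre-POSIX equivalent of lseek(fd, 0, SEEK_CUR))
 * Returns 0 on success, -1 if fstat() fails; the outputs are untouched
 * on failure.
 */
int get_posn ( fd, siz_p, offset_p )
int fd;
off_t *siz_p;
int *offset_p;
{
    struct stat statbuf;

    if ( fstat ( fd, &statbuf ) ) return(-1);
    *siz_p = statbuf.st_size;
    *offset_p = tell(fd);
    return(0);
}
#endif /* audit_tool_X */

/*
 * init_audit_fields - reset every member of *af to its initial value.
 * Ids, events and results start at -1, flags/counters and the string
 * index members at 0; presumably these are the "not set" markers the
 * record formatter tests for (confirm against the callers).
 */
init_audit_fields ( af )
struct audit_fields *af;
{
    af->event             = -1;
    af->error             =  0;
    af->flag              =  0;
    af->result            = -1;
    af->device            = -1;
    af->auid              = -1;
    af->uid               = -1;
    af->ruid              = -1;
    af->hostid            = -1;
    af->ipaddr            =  0;
    af->pid               = -1;
    af->ppid              = -1;
    af->n_cpu             =  0;
#ifdef PRIV
    af->privstr.mask[0]   =  0;
    af->privstr.mask[1]   =  0;
#endif /* PRIV */
    af->device2           = -1;
    af->auid2             = -1;
    af->uid2              = -1;
    af->ruid2             = -1;
    af->hostid2           = -1;
    af->ipaddr2           =  0;
    af->pid2              = -1;
    af->ppid2             = -1;
    af->login_proc        =  0;
    af->login_indx        =  0;
    af->login2_indx       =  0;
    af->homedir_indx      =  0;
    af->shell_indx        =  0;
    af->service_indx      =  0;
    af->devname_indx      =  0;
    af->atom_id_indx      =  0;
    af->x_client_indx     =  0;
    af->client_id_indx    =  0;
    af->property_indx     =  0;
    af->res_class_indx    =  0;
    af->res_type_indx     =  0;
    af->res_id_indx       =  0;
    af->charp_indx        =  0;
    af->descrip_indx      =  0;
    af->intp_indx         =  0;
    af->shortp_indx       =  0;
    af->int_array_indx    =  0;
    af->gp_id_indx        =  0;
    af->gp_dev_indx       =  0;
    af->socket_indx       =  0;
    af->msg_indx          =  0;
    af->access_indx       =  0;
    af->ipc_uid_indx      =  0;
    af->ipc_gid_indx      =  0;
    af->ipc_mode_indx     =  0;
}

/*
 * init_selectn - reset the selection criteria in *selectn_p.
 * Every *_indx count goes to 0 (no values selected), the logfile and
 * rulesfil names become empty strings, both time bounds are cleared,
 * and n_cpu (and priv, when built with PRIV) start at -1.
 */
init_selectn ( selectn_p )
struct selectn *selectn_p;
{
    int i;

    selectn_p->auid_indx = 0;
    selectn_p->charparam_indx = 0;
    selectn_p->dev_indx = 0;
    selectn_p->error_indx = 0;
    selectn_p->event_indx = 0;
    selectn_p->gnode_indx = 0;
    selectn_p->gnode_dev_indx = 0;
    selectn_p->ipaddr_indx = 0;
    selectn_p->logfile[0] = '\0';
    selectn_p->n_cpu = -1;
    selectn_p->pid_indx = 0;
    selectn_p->ppid_indx = 0;
    selectn_p->ruid_indx = 0;
    selectn_p->rulesfil[0] = '\0';
    /* time_start/time_end are compared as fixed-width text, so clear all of it */
    for ( i = 0; i < TIME_LEN; i++ ) {
        selectn_p->time_end[i] = '\0';
        selectn_p->time_start[i] = '\0';
    }
    selectn_p->uid_indx = 0;
    selectn_p->username_indx = 0;
#ifdef PRIV
    selectn_p->priv = -1;
#endif /* PRIV */
}

/*
 * interact - interactive mode: prompt for every selection criterion in
 * turn, showing the current value in parentheses.  For each prompt an
 * empty line keeps the current value and "*" clears it.
 *   selectn : selection criteria, updated in place
 *   flag    : misc option bits (FLAG_FOLLOW, FLAG_REPORT, FLAG_BRIEF,
 *             FLAG_OVERRIDE, FLAG_LOCALID), updated in place
 * A rules file name given here is compiled immediately via build_ruleset()
 * and the rule count stored in the global ruleno.
 */
interact ( selectn, flag )
struct selectn *selectn;    /* selection criteria   */
int *flag;                  /* misc options         */
{
    char buf[MAXPATHLEN];
    int i;

/*
 * INTER1 - prompt for a string field `arg' (a char array member).
 * sizeof(str)-1 keeps the literal's NUL off the terminal; the read length
 * is clamped to sizeof(arg) so a long line can never overrun the field.
 * Leaves i == 1 when the field was cleared or left alone.
 */
#define INTER1(str,arg,len,buf,i) \
    do { \
        write ( 1, str, sizeof(str)-1 ); \
        if ( arg[0] != '\0' ) { \
            i = sprintf_l ( buf, "(%s)  ", arg ); \
            write ( 1, buf, i ); \
        } \
        i = read ( 0, buf, len ); \
        if ( i > (int)sizeof(arg) ) i = sizeof(arg); \
        if ( i > 1 ) { \
            if ( buf[0] == '*' ) i = 1, arg[0] = '\0'; \
            else strncpy ( arg, buf, i-1 ); \
            arg[i-1] = '\0'; \
        } \
    } while ( 0 )

/*
 * INTER2 - prompt for a yes/no option bit `flag_mode' in *flag.
 * "1", "y" or "Y" sets the bit, any other non-empty answer clears it.
 */
#define INTER2(str,flag_mode,buf,i) \
    do { \
        write ( 1, str, sizeof(str)-1 ); \
        i = sprintf_l ( buf, "(%s)  ", *flag & flag_mode ? "yes" : "no" ); \
        write ( 1, buf, i ); \
        i = read ( 0, buf, STR_LEN ); \
        if ( i > 1 ) { \
            if ( buf[0] == '1' || buf[0] == 'y' || buf[0] == 'Y') *flag |= flag_mode; \
            else *flag &= ~flag_mode; \
        } \
    } while ( 0 )

    write ( 1, "subject:\n", 9 );
    interact_int ( "  audit_id:  ", selectn->auid, &selectn->auid_indx );
    interact_shrt ( "  ruid:  ", selectn->ruid, &selectn->ruid_indx, 0 );
    interact_shrt ( "  uid:  ", selectn->uid, &selectn->uid_indx, 0 );
    interact_str ( "  username:  ", selectn->username, &selectn->username_indx );
    interact_shrt ( "  pid:  ", selectn->pid, &selectn->pid_indx, 0 );
    interact_shrt ( "  ppid:  ", selectn->ppid, &selectn->ppid_indx, 0 );
    interact_shrt ( "  dev:  ", selectn->dev, &selectn->dev_indx, 1 );
    interact_host ( selectn->ipaddr, &selectn->ipaddr_indx );

    write ( 1, "\nevent:\n", 8 );          /* 8: the literal is "\n" + "event:" + "\n" */
    interact_event ( selectn->event, &selectn->event_indx, selectn->event_status );
    interact_int ( "  error:  ", selectn->error, &selectn->error_indx );
    INTER1 ( "  time_start:  ", selectn->time_start, STR_LEN, buf, i );
    INTER1 ( "  time_end:  ", selectn->time_end, STR_LEN, buf, i );

    write ( 1, "\nobject:\n", 9 );
    interact_str ( "  charparam:  ", selectn->charparam, &selectn->charparam_indx );
    interact_int ( "  gnode:  ", selectn->gnode, &selectn->gnode_indx );
    interact_int ( "  gnode_dev:  ", selectn->gnode_dev, &selectn->gnode_dev_indx );

    INTER1 ( "\nrules file:  ", selectn->rulesfil, STR_LEN, buf, i );
    /* only a newly typed name (i > 1) triggers a rebuild of the rule set */
    if ( i > 1 ) ruleno = build_ruleset ( selectn->rulesfil, *flag&FLAG_DISPLAY );

    INTER2 ( "continuous operation:  ", FLAG_FOLLOW, buf, i );
    INTER2 ( "report by audit_id:  ", FLAG_REPORT, buf, i );
    INTER2 ( "quick output format:  ", FLAG_BRIEF, buf, i );
    INTER2 ( "override audit log changes:  ", FLAG_OVERRIDE, buf, i );
    INTER2 ( "use local /etc/passwd and /etc/group:  ", FLAG_LOCALID, buf, i );
    write ( 1, "\n\n", 2 );
}

/* event list = { event[:success[:fail]] } */
/*
 * interact_event - interactive entry of the event selection list.
 * Each line read is an event name optionally followed by ":0" (drop the
 * successful records, NO_S) and a further ":0" (drop the failed records,
 * NO_F).  The suffix is stripped from the stored name and folded into the
 * matching status[] byte.  A name already in the list only has its status
 * updated, it is not stored twice.  "*" alone clears the whole list; an
 * empty line, EOF or a read error ends entry.
 *   field  : event names, *indx of them in use
 *   indx   : number of entries in field[]/status[], updated in place
 *   status : NO_S / NO_F bits per entry, updated in place
 */
interact_event ( field, indx, status )
char field[][STR_LEN];
int *indx;
char *status;
{
    char buf[MAXPATHLEN];
    char *suffix;
    int found, st;
    int i, j, k;

    /* output current events[:succeed:fail] selected */
    i = sprintf_l ( buf, "\n  (events: %s selected)\n", *indx == 0 ? "all" : itoa(*indx) );
    write ( 1, buf, i );
    for ( j = 0; j < *indx; j++ ) {
        i = sprintf_l ( buf, "    %s", field[j] );
        write ( 1, buf, i );
        if ( (status[j] & NO_S) == 0 ) write ( 1, " : succeed", 10 );
        if ( (status[j] & NO_F) == 0 ) write ( 1, " : fail", 7 );
        write ( 1, "\n", 1 );
    }

    /* read new event selections; k is the slot the next entry lands in */
    for ( k = *indx; k < N_SELECT; k++, (*indx)++ ) {
        write ( 1, "  event:  ", 10 );
        i = read ( 0, buf, STR_LEN2 );
        if ( i <= 1 ) break;                /* empty line, EOF or error ends entry */
        if ( buf[0] == '*' ) {
            *indx = 0;
            break;
        }
        if ( i > STR_LEN ) i = STR_LEN;     /* field[k] holds STR_LEN bytes; never copy more */
        strncpy ( field[k], buf, i-1 );     /* i-1 drops the newline */
        field[k][i-1] = '\0';

        /* split "name[:s[:f]]" at the first ':' and compute the status bits */
        st = 0x0;
        for ( j = 0; field[k][j] != '\0' && field[k][j] != ':'; j++ );
        if ( field[k][j] == ':' ) {
            field[k][j] = '\0';
            suffix = &field[k][j+1];
            if ( suffix[0] == '0' ) st += NO_S;
            /* suffix[1..2] are read only once suffix[0] is known to be non-NUL */
            if ( suffix[0] != '\0' && suffix[1] == ':' && suffix[2] == '0' ) st += NO_F;
        }

        /* an event already in the list is updated in place, not duplicated */
        for ( found = 0, j = 0; j < *indx; j++ ) {
            if ( strcmp ( field[j], field[k] ) == 0 ) {
                found = 1;
                break;
            }
        }
        status[ found ? j : k ] = st;
        *indx -= found;                     /* found: slot k is re-used on the next pass */
        k = *indx;
    }
}

/*
 * interact_host - interactive entry of hostnames / ip addresses.
 * Current selections are echoed by name when gethost_l() resolves them,
 * otherwise in dotted-decimal form.  Each line read is resolved with
 * gethostbyname() and, failing that, parsed with inet_addr(); anything
 * else is reported as bad and the slot is prompted for again.  "*" clears
 * the list; an empty line, EOF or a read error ends entry.
 *   ipaddr : selected addresses, *indx of them in use (at most N_SELECT2)
 *   indx   : number of entries, updated in place
 */
interact_host ( ipaddr, indx )
unsigned long *ipaddr;
int *indx;
{
    static char prompt[] = "  hostname/addr:  ";
    static char badhost[] = "   -- bad host/address\n";
    char buf[MAXPATHLEN];
    struct hostent *hp;
    struct in_addr in;
    char *name;
    int i, j;

    write ( 1, prompt, sizeof(prompt)-1 );
    if ( *indx == 1 ) {
        if ( name = gethost_l(ipaddr[0]) )
            i = sprintf_l ( buf, "(%s)  ", name );
        else {
            in.s_addr = ipaddr[0];
            i = sprintf_l ( buf, "(%s)  ", inet_ntoa(in) );
        }
        write ( 1, buf, i );
    }
    else if ( *indx ) {
        write ( 1, "( ", 2 );
        for ( i = 0; i < *indx; i++ ) {
            if ( name = gethost_l(ipaddr[i]) )
                j = sprintf_l ( buf, "%s  ", name );
            else {
                in.s_addr = ipaddr[i];
                j = sprintf_l ( buf, "%s  ", inet_ntoa(in) );
            }
            write ( 1, buf, j );
        }
        write ( 1, ")  ", 3 );
    }

    for ( i = 0; i < N_SELECT2; i++ ) {
        j = read ( 0, buf, HOST_LEN );
        if ( j <= 1 ) break;                /* empty line, EOF or error ends entry */
        if ( buf[0] == '*' ) {
            *indx = 0;
            break;
        }
        buf[j-1] = '\0';                    /* replace the newline */
        hp = gethostbyname(buf);
        /* an address longer than the slot (e.g. a non-IPv4 family) is refused, not truncated */
        if ( hp && hp->h_length <= (int)sizeof(ipaddr[i]) ) {
            ipaddr[i] = 0;                  /* clear the bytes h_length does not cover */
            bcopy ( hp->h_addr, (char *)&ipaddr[i], hp->h_length );
        }
        else if ( !hp && (j = inet_addr(buf)) != -1 ) {
            ipaddr[i] = (unsigned)j;        /* no sign extension when long is wider than 32 bits */
        }
        else {
            write ( 1, badhost, sizeof(badhost)-1 );
            i--;                            /* re-prompt for the same slot */
        }
        *indx = i+1;
        if ( *indx < N_SELECT2 ) write ( 1, prompt, sizeof(prompt)-1 );
    }
}

/*
 * interact_int - interactive entry of an int array.
 * Echoes the current values, then reads one integer per line into field[]
 * until an empty line (or EOF / read error), at most N_SELECT2 values.
 * "*" clears the list.  Values are parsed with atoi(): a non-numeric line
 * stores 0.
 *   string : prompt text (NUL terminated)
 *   field  : the values, *indx of them in use
 *   indx   : number of entries, updated in place
 */
interact_int ( string, field, indx )
char *string;
int *field;
int *indx;
{
    char buf[MAXPATHLEN];
    int slen;
    int i, j;

    for ( slen = 0; string[slen]; slen++ );
    write ( 1, string, slen );
    if ( *indx == 1 ) {
        i = sprintf_l ( buf, "(%d)  ", field[0] );
        write ( 1, buf, i );
    }
    else if ( *indx ) {
        write ( 1, "( ", 2 );
        for ( i = 0; i < *indx; i++ ) {
            j = sprintf_l ( buf, "%d ", field[i] );
            write ( 1, buf, j );
        }
        write ( 1, ")  ", 3 );
    }

    for ( i = 0; i < N_SELECT2; i++ ) {
        j = read ( 0, buf, STR_LEN );
        if ( j <= 1 ) break;                /* empty line, EOF or error ends entry */
        if ( buf[0] == '*' ) {
            *indx = 0;
            break;
        }
        buf[j-1] = '\0';                    /* terminate before atoi(); read() does not */
        field[i] = atoi(buf);
        *indx = i+1;
        if ( *indx < N_SELECT2 ) write ( 1, string, slen );
    }
}

/* interactive mode for short arrays */
interact_shrt ( string, field, indx, dev )
char *string;
short *field;
int *indx;
int dev;
{
    char buf[MAXPATHLEN];
    int strlen;
    int i, j;

    for ( strlen = 0; string[strlen]; strlen++ );
    write ( 1, string, strlen );
    if ( *indx == 1 ) {
        if ( dev == 0 ) i = sprintf_l ( buf, "(%d)  ", field[0] );
        else i = sprintf_l ( buf, "(%d,%d)  ", major(field[0]), minor(field[0]) );
        write ( 1, buf, i );
    }
    else if ( *indx ) {
        write ( 1, "( ",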
