chkwtmp.c

来自「linux中经典的rootkit的检测工具 功能超强 可以查杀上百种rootki」· C语言 代码 · 共 97 行

C
97
字号 
/*   Copyright (c) DFN-CERT, Univ. of Hamburg 1994   Univ. Hamburg, Dept. of Computer Science   DFN-CERT   Vogt-Koelln-Strasse 30   22527 Hamburg   Germany   02/20/97 - Minimal changes for Linux/FreeBSD port.   Nelson Murilo, nelson@pangeia.com.br   09/07/00 - Ports for Solaris   Andre Gustavo <gustavo@anita.visualnet.com.br>   12/15/00 - Add -f option   Nelson Murilo, nelson@pangeia.com.br   07/08/04 - fix del counter value (Thanks to Dietrich Raisin)   Nelson Murilo, nelson@pangeia.com.br   09/12/05 - fix Segfault (Thanks to J閞閙ie Andr閕)   Nelson Murilo, nelson@pangeia.com.br*/#include <stdio.h>#include <unistd.h>#include <string.h>#include <utmp.h>#include <time.h>#include <sys/time.h>#include <sys/file.h>#ifdef SOLARIS2#include <fcntl.h>#endif#ifdef __FreeBSD__#define WTMP_FILENAME "/var/log/wtmp"#else#ifndef WTMP_FILENAME#define WTMP_FILENAME "/var/adm/wtmp"#endif#endifvoid printit(counter, start, end)int counter;long start,end;{	char		buffer[30];	printf("%d deletion(s) between ", counter);	strncpy(buffer, ctime( (time_t *) &start), 30);	buffer[24]='\0';	printf("%s and %s", buffer, ctime( (time_t *) &end));}int main(int argc, char*argv[]) {	int		filehandle;	struct utmp	utmp_ent;	struct timeval	mytime;	struct timezone	dummy;	long		start_time, act_time;	int		del_counter, t_del;        char wtmpfile[128];	del_counter=t_del=0;	start_time=0;	gettimeofday(&mytime, &dummy);       act_time=mytime.tv_sec;       wtmpfile[127]='\0';       memcpy(wtmpfile, WTMP_FILENAME, 127);       if ( argc == 3 && !memcmp("-f", argv[1], 2) && *argv[2])          memcpy(wtmpfile, argv[2], 127);	if ((filehandle=open(wtmpfile,O_RDONLY)) < 0) {		fprintf(stderr, "unable to open wtmp-file %s\n", wtmpfile);		return(2);	}	while (read (filehandle, (char *) &utmp_ent, sizeof (struct utmp)) > 0) {		if (utmp_ent.ut_time == 0)			del_counter++;		else {			if (del_counter) {				printit(del_counter, start_time,					utmp_ent.ut_time);				t_del++;				del_counter=0;			}			start_time=utmp_ent.ut_time;		}	}	close(filehandle);	if (del_counter)	   printit(del_counter, start_time, act_time);        exit(t_del+del_counter);}

chkwtmp.c - 源码说明

本页面展示了「linux中经典的rootkit的检测工具 功能超强 可以查杀上百种rootkit」中的 chkwtmp.c 源码文件,采用 C语言 编程语言编写,共 97 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫开发者社区收录了大量与Linux相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?