#!/usr/local/bin/perl
#
# $Id: idrlogin.perl5,v 1.5 2001/11/18 12:20:46 abe Exp $
#
# idrlogin.perl5 -- sample Perl 5 script to identify the network source of a
# network (remote) login via rlogind, sshd, or telnetd
# IMPORTANT DEFINITIONS
# =====================
#
# 1. Set the interpreter line of this script to the local path of the
# Perl 5 executable.
# Copyright 1997 Purdue Research Foundation, West Lafayette, Indiana
# 47907. All rights reserved.
#
# Written by Victor A. Abell
#
# This software is not subject to any license of the American Telephone
# and Telegraph Company or the Regents of the University of California.
#
# Permission is granted to anyone to use this software for any purpose on
# any computer system, and to alter it and redistribute it freely, subject
# to the following restrictions:
#
# 1. Neither the authors nor Purdue University are responsible for any
# consequences of the use of this software.
#
# 2. The origin of this software must not be misrepresented, either by
# explicit claim or by omission. Credit to the authors and Purdue
# University must appear in documentation and sources.
#
# 3. Altered versions must be plainly marked as such, and must not be
# misrepresented as being the original software.
#
# 4. This notice may not be removed or altered.
# Initialize variables.
# State for the process set currently being parsed.  All of these are
# package globals shared with save_proc().

# File descriptor variables: device number, remote (foreign) address, tty.
$dev   = "";
$faddr = "";
$tty   = "";

# Process state: non-zero once a process set has been read and is waiting
# to be stored.
$pidst = 0;

# Process variables: command, login name, process group, PID, parent PID.
$cmd   = "";
$login = "";
$pgrp  = "";
$pid   = "";
$ppid  = "";
# Set path to lsof.
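# Locate the lsof executable: ../lsof first, then the directories of $PATH.
#
# Security note: "../lsof" is resolved against the current working
# directory and the program found here is executed further down.  When this
# script runs with elevated privileges, start it from a directory tree that
# only trusted users can write to, or replace the search with an absolute
# path to the installed lsof.
$LSOF = &isexec("../lsof");
if ($LSOF eq "") {
    $LSOF = &isexec("lsof");
    if ($LSOF eq "") {
        # isexec() returned "" on this path, so interpolating $LSOF would
        # print an empty name; name the program literally instead.
        print "can't execute lsof\n";
        exit 1;
    }
}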
# Open a pipe from lsof
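# Start lsof and read its output through the P file handle.
#
#   -R             also report the parent PID
#   -FcDfLpPRn0    field output: command, device, file descriptor, login,
#                  PID, protocol, parent PID and name, each NUL-terminated
#
# The list form of open() runs lsof directly instead of handing a command
# string to the shell, so a space or shell metacharacter in the path that
# was found through $PATH cannot change the command that is executed.
# (List-form pipe opens need Perl 5.8 or later.)
if (! -x $LSOF) { die "Can't execute $LSOF\n"; }
open(P, "-|", $LSOF, "-R", "-FcDfLpPRn0") || die "Can't pipe from $LSOF\n";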
# Process the lsof output a line at a time
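# Read the lsof pipe one line at a time.  Each line is one process set
# (first field starts with `p') or one file set (first field starts with
# `f'); the fields inside a line are separated by NUL characters.
#
# The loop condition reads from the P handle: an empty `while ()' never
# reads anything and never terminates.
while (<P>) {
    chomp;              # drop the newline only, never a data character
    @F = split(/\0/, $_, 999);

    if ($F[0] =~ /^p/) {

        # A process set begins with a PID field whose ID character is `p'.
        # Store the previous process before its variables are overwritten.

        if ($pidst) { save_proc() }

        # The last element of @F is skipped -- presumably the empty string
        # that follows the final NUL terminator.
        foreach $i (0 .. ($#F - 1)) {
          PROC: {
                if ($F[$i] =~ /^c(.*)/) { $cmd   = $1; last PROC }
                if ($F[$i] =~ /^p(.*)/) { $pid   = $1; last PROC }
                if ($F[$i] =~ /^R(.*)/) { $ppid  = $1; last PROC }
                if ($F[$i] =~ /^L(.*)/) { $login = $1; last PROC }
            }
        }
        $pidst = 1;
        next;
    }

    # A file descriptor set begins with a file descriptor field whose ID
    # character is `f'.

    if ($F[0] =~ /^f/) {

        # Once a remote address is known for this process, its remaining
        # files are ignored.
        if ($faddr ne "") { next; }

        $proto = $name = "";
        foreach $i (0 .. ($#F - 1)) {
          FD: {
                if ($F[$i] =~ /^P(.*)/) { $proto = $1; last FD; }
                if ($F[$i] =~ /^n(.*)/) { $name  = $1; last FD; }
                if ($F[$i] =~ /^D(.*)/) { $dev   = $1; last FD; }
            }
        }

        if ($proto eq "TCP"
            && $faddr eq ""
            && (($cmd =~ /rlogind/) || ($cmd =~ /sshd/) || ($cmd =~ /telnetd/))) {

            # A TCP file of a login daemon: keep the host part of the
            # remote end of "local:port->remote:port".
            #
            # The daemon test is a substring match on the command name that
            # lsof reports, so every process whose name contains one of
            # these strings is treated as a login daemon.  Treat the report
            # as a hint and confirm it against the system's login records.
            #
            # NOTE(review): the capture stops at the first `:' after `->',
            # so a remote address that itself contains colons (IPv6) would
            # be cut short -- confirm against the lsof output in use.
            if (($name =~ /[^:]*:[^-]*->([^:]*):.*/)) {
                $faddr = $1;
            }
        }
        elsif ($tty eq "" && ($cmd =~ /.*sh$/)) {

            # Any command whose name ends in `sh' counts as a shell; record
            # the first terminal device found among its files.
            if (($name =~ m#/dev.*ty.*#)) {
                # tty-style device: keep the last path component.
                ($tty) = ($name =~ m#/dev.*/(.*)#);
            }
            elsif (($name =~ m#/dev/(pts/\d+)#)) {
                $tty = $1;
            }
            elsif (($name =~ m#/dev.*pts.*#)) {
                # Some other pts name: build pts/N from the low 16 bits of
                # the device number.
                $d = oct($dev);
                $tty = sprintf("pts/%d", $d & 0xffff);
            }
        }
        next;
    }
}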
# Flush any stored file or process output.
# The last process set read has no following `p' line to trigger its
# storage, so store it here.
save_proc() if ($pidst);
# List the shell processes that have rlogind/sshd/telnetd parents.
# Print one line for every recorded shell that has a remote address of its
# own or an ancestor with one.  PIDs are visited in string sort order.
#
# $ff tells how the address was found:
#   0  not found
#   1  the walk up %Ppid stopped, either at an ancestor that has a remote
#      address or at a PID below 2
#   2  the shell process itself has a remote address
# $p is the PID whose %raddr entry is reported.
$hdr = 0;
foreach $pid (sort(keys(%shcmd))) {
    $p = $pid;
    if (defined($raddr{$pid})) {
        $ff = 2;
    }
    else {
        $ff = 0;
        while (!$ff && defined($Ppid{$p})) {
            $p = $Ppid{$p};
            $ff = 1 if ($p < 2 || defined($raddr{$p}));
        }
    }

    # A walk that ended at a PID below 2 sets $ff but has no address;
    # the defined() test drops that case.
    next unless ($ff && defined($raddr{$p}));

    # The header is printed once, before the first row.
    unless ($hdr) {
        printf("%-8.8s %-8.8s %6s %-10.10s %6s %-10.10s %s\n",
            "Login", "Shell", "PID", "Via", "PID", "TTY", "From");
        $hdr = 1;
    }

    my $via     = ($ff == 2) ? "(direct)" : $rcmd{$p};
    my $via_pid = ($ff == 2) ? "" : $p;
    my $term    = ($shtty{$pid} eq "") ? "(unknown)" : $shtty{$pid};
    printf("%-8.8s %-8.8s %6d %-10.10s %6s %-10.10s %s\n",
        $shlogin{$pid}, $shcmd{$pid}, $pid,
        $via, $via_pid, $term,
        $raddr{$p});
}
exit(0);
# save_proc -- save process information
# Values are stored inelegantly in global variables.
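# save_proc -- store the process set that has just been parsed
#
# Takes no arguments and returns nothing useful; everything goes through
# package globals.
#
#   reads:   $pid, $ppid, $cmd, $login, $faddr, $tty
#   writes:  %Ppid    PID -> parent PID (first value seen is kept)
#            %raddr   PID -> remote address
#            %rcmd    PID -> command name of a non-shell process that has a
#                            remote address
#            %shcmd, %shlogin, %shtty
#                     PID -> command, login name and tty of a shell
#
# A command counts as a shell when its name ends in `sh'.
sub save_proc {
    $Ppid{$pid} = $ppid unless defined($Ppid{$pid});

    if ($faddr ne "") {
        $raddr{$pid} = $faddr;
        if ($cmd =~ /sh$/) {
            $shcmd{$pid}   = $cmd;
            $shlogin{$pid} = $login;
        }
        else {
            $rcmd{$pid} = $cmd;
        }
    }

    if ($tty ne "") {
        $shcmd{$pid}   = $cmd;
        $shtty{$pid}   = $tty;
        $shlogin{$pid} = $login;
    }

    # Clear the per-process variables for the next process set.  $login is
    # cleared with the rest so that a process set without a login field is
    # not reported under the previous process's login name.
    $cmd = $dev = $faddr = $login = $pgrp = $pid = $ppid = $tty = "";
    $pidst = 0;
}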
## isexec($path) -- is $path executable
#
# $path = absolute or relative path to file to test for executability.
# Paths that begin with neither '/' nor '.' that aren't found as
# simple references are also tested with the path prefixes of the
# PATH environment variable.
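# isexec($path) -- return the path of an executable file, or "" if none
#
#   $path   path or bare program name; surrounding white space is ignored
#
# A $path that begins with '/' or '.' is tested exactly as given.  Any other
# $path is tested only under each directory of the PATH environment
# variable, in order; it is not tested as a plain reference in the current
# directory unless PATH lists that directory.  An empty PATH component
# yields "/$path".
#
# Only regular files qualify.  -x alone is also true for a searchable
# directory, and a directory named like the program must not be returned as
# something to execute.
sub isexec {
    my ($path) = @_;
    my ($candidate, $search);

    $path =~ s/^\s+|\s+$//g;
    return("") if ($path eq "");

    if ($path =~ m#^[/.]#) {
        return((-f $path && -x _) ? $path : "");
    }

    # An unset PATH means there is nothing to search.
    $search = defined($ENV{PATH}) ? $ENV{PATH} : "";
    foreach my $dir (split(":", $search)) {
        $candidate = "$dir/$path";
        return($candidate) if (-f $candidate && -x _);
    }
    return("");
}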