File: chkwtmp.c

chkrootkit 0.58b-6
/*
   Copyright (c) DFN-CERT, Univ. of Hamburg 1994

   Univ. Hamburg, Dept. of Computer Science
   DFN-CERT
   Vogt-Koelln-Strasse 30
   22527 Hamburg
   Germany

   02/20/97 - Minimal changes for Linux/FreeBSD port.
   Nelson Murilo, nmurilo@gmail.com
   09/07/00 - Ports for Solaris
   Andre Gustavo <gustavo@anita.visualnet.com.br>
   12/15/00 - Add -f option
   Nelson Murilo, nmurilo@gmail.com
   07/08/04 - fix del counter value (Thanks to Dietrich Raisin)
   Nelson Murilo, nmurilo@gmail.com
   09/12/05 - fix Segfault (Thanks to Jérémie Andréi)
   Nelson Murilo, nmurilo@gmail.com
*/

#include <stdio.h>

#if __FreeBSD__ > 9
/*
 * Stub entry point for FreeBSD releases newer than 9, where the utmp-based
 * checker below is compiled out (presumably because <utmp.h> is not
 * available there; confirm against the port notes). It only reports the
 * fact and exits with status 1.
 */
int main(void)
{
	fputs("Unsupported operating system\n", stderr);
	return 1;
}
#else

#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <utmp.h>
#include <time.h>
#include <sys/time.h>
#include <sys/file.h>
#ifdef SOLARIS2
#include <fcntl.h>
#endif
#include <stdlib.h>

#ifndef WTMP_FILENAME
#define WTMP_FILENAME "/var/log/wtmp"
#endif

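/*
 * Report one run of zeroed wtmp records on stdout.
 *
 * counter - number of consecutive records whose timestamp was zero
 * start   - timestamp of the last intact record before the run (0 if none)
 * end     - timestamp of the first intact record after the run, or the
 *           current time when the run extends to the end of the file
 *
 * Output format: "<counter> deletion(s) between <start> and <end>\n".
 */
void printit(int counter, long start, long end)
{
	/*
	 * Copy into real time_t objects instead of casting &start to
	 * (time_t *): where time_t is wider than long (e.g. a 32-bit ABI with
	 * 64-bit time_t) the cast makes ctime() read past the long.
	 */
	time_t start_t = (time_t) start;
	time_t end_t = (time_t) end;
	char buffer[30];
	const char *text;

	printf("%d deletion(s) between ", counter);

	/*
	 * ctime() returns a pointer to static storage that the second call
	 * overwrites, so the first result is copied out. Only the first 24
	 * characters are kept, which drops the trailing newline. ctime() may
	 * return NULL for a value it cannot represent.
	 */
	text = ctime(&start_t);
	snprintf(buffer, sizeof buffer, "%.24s", text ? text : "(invalid time)");

	text = ctime(&end_t);
	printf("%s and %s", buffer, text ? text : "(invalid time)\n");
}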


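/*
 * Scan a wtmp file for records whose timestamp has been zeroed and report
 * each run of such records together with the timestamps of the intact
 * records around it.
 *
 * Usage: chkwtmp [-f wtmpfile]
 *
 * Exit status: 0 when no zeroed record was found, 1 when at least one was
 * found, 2 when the file could not be opened or read.
 *
 * Scope of the check: only records with ut_time == 0 are counted. Records
 * that were removed from the file altogether leave nothing for this loop
 * to see, so a clean result is not proof that the log is complete.
 */
int main(int argc, char* argv[]) {
	int		filehandle;
	struct utmp	utmp_ent;
	long		start_time, act_time;
	int		del_counter, t_del;
	int		read_failed;
	ssize_t		nread;
	char wtmpfile[128];

	del_counter=t_del=0;
	start_time=0;
	read_failed=0;

	/* "Now" closes a run of zeroed records that reaches the end of the file. */
	act_time=(long) time(NULL);

	snprintf(wtmpfile, sizeof wtmpfile, "%s", WTMP_FILENAME);
	/*
	 * strncmp() instead of memcmp(): it still accepts any argument that
	 * starts with "-f", but stops at the terminator, so an empty argv[1]
	 * is not read past its end.
	 * NOTE(review): a -f path of 127 characters or more, or any other
	 * argument shape, silently falls back to the default file. The
	 * operator is not told that a different file was checked.
	 */
	if (argc == 3 && !strncmp(argv[1], "-f", 2) && *argv[2]
	    && strlen(argv[2]) < sizeof wtmpfile - 1)
		snprintf(wtmpfile, sizeof wtmpfile, "%s", argv[2]);

	if ((filehandle=open(wtmpfile,O_RDONLY)) < 0) {
		fprintf(stderr, "unable to open wtmp file %s\n", wtmpfile);
		return(2);
	}

	/*
	 * Accept only complete records. After a short read utmp_ent still
	 * holds part of the previous record, so evaluating it could count a
	 * truncated tail as a deletion (or hide one).
	 */
	while ((nread = read(filehandle, &utmp_ent, sizeof utmp_ent))
	       == (ssize_t) sizeof utmp_ent) {
		if (utmp_ent.ut_time == 0) {
			del_counter++;
			continue;
		}
		if (del_counter) {
			printit(del_counter, start_time, utmp_ent.ut_time);
			t_del++;
			del_counter=0;
		}
		start_time=utmp_ent.ut_time;
	}
	if (nread < 0) {
		fprintf(stderr, "error reading wtmp file %s\n", wtmpfile);
		read_failed=1;
	} else if (nread > 0) {
		fprintf(stderr, "ignoring truncated record at end of %s\n", wtmpfile);
	}
	close(filehandle);

	/* Findings collected before a read error are still reported. */
	if (del_counter)
		printit(del_counter, start_time, act_time);
	if (read_failed)
		return(2);
	/* Collapse the counts to 0/1 so the status stays within 0..255. */
	return(t_del+del_counter > 0);
}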
#endif