[logs] Login tracking on the cheap
Ron A. Dilley
rdilley at amgen.com
Mon Aug 20 11:56:09 PDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Long time reader, first time poster:
Here is a simple prog that can be run out of the login script to track
who is on what IP/MAC and when.
Syslog sucks, but that does not mean that we should not use it.
Marcus, please note the absence of autoconf . . .
Ron
- -----
/*****
report.c - description
-------------------
begin : Tue Aug 8 15:35:14 PDT 2006
copyright : (C) 2006 by Ron Dilley
email : ron.dilley at gmail.com
compile as follows
gcc -o reporter report.c -lwsock32 -lnetapi32 -lws2_32
*****/
/*****
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*****/
/****
*
* includes
*.
****/
#include "winsock2.h"   /* must precede windows.h, which otherwise pulls in winsock.h */
#include "windows.h"
#include "wincon.h"
#include "nb30.h"       /* NCB, Netbios(), ADAPTER_STATUS, NAME_BUFFER */
#include "lmcons.h"     /* UNLEN */
#include "stdio.h"
#include "stdlib.h"
#include "string.h"     /* memset, strcpy, strlen */
#include "time.h"
#pragma comment(lib,"ws2_32")
#pragma comment(lib,"netapi32")
#pragma comment(lib,"wsock32")
/****
*
* local variables
*
****/
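/* CVS keyword string.  PRIVATE is not defined anywhere in this file, so a
 * plain `static` is used: file scope only, never referenced elsewhere. */
static char *cvsid = "$Id$";
/****
*
* typedefs and structs
*
****/
/* Reply buffer for a NetBIOS NCBASTAT: the adapter status header followed
 * by up to 30 name-table entries.  adapt.adapter_address[0..5] is the MAC
 * that main() puts into the syslog message.  The typedef must come before
 * the Adapter definition below, which needs the complete type. */
typedef struct _ASTAT_ {
    ADAPTER_STATUS adapt;
    NAME_BUFFER NameBuff[30];
} ASTAT, *PASTAT;
/****
*
* global variables
*
****/
/* Filled in by the NCBASTAT call in main().  Static storage, so it stays
 * all-zero (MAC 00.00.00.00.00.00) if that call never writes into it. */
ASTAT Adapter;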
/****
*
* main function
*
****/
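/*
 * Entry point.  Usage: reporter <syslog-server-ipv4>
 *
 * Builds one syslog line of the form
 *   <86>winLoginTracker: USER logged in from HOST [xx.xx.xx.xx.xx.xx]
 * (PRI 86 = facility 10/authpriv * 8 + severity 6/info).  USER and HOST come
 * from GetUserName()/GetComputerName(), the MAC from a NetBIOS NCBASTAT on
 * LANA 0.  The line is sent as a single UDP datagram to port 514 of the
 * address given in argv[1].
 *
 * The datagram is plain UDP with no authentication, so the collector only
 * learns what this client claims; correlate the body with the source IP the
 * datagram arrives from rather than trusting user/host/MAC alone.
 *
 * Returns EXIT_SUCCESS once the datagram has been handed to the stack and
 * EXIT_FAILURE on any error (usage, allocation, Winsock startup, NetBIOS,
 * name lookup, socket or send).  Every failure is reported on stdout and all
 * acquired resources are released through the single cleanup path.
 */
int main( int argc, char **argv ) {
    /* GetUserName()/GetComputerName() take the buffer size *including* the
     * terminating NUL and fail with ERROR_INSUFFICIENT_BUFFER otherwise.
     * UNLEN (lmcons.h) is the user-name limit; MAX_COMPUTERNAME_LENGTH is far
     * too small for a user name. */
    DWORD userNameLen = UNLEN + 1;
    DWORD hostNameLen = MAX_COMPUTERNAME_LENGTH + 1;
    char *userName = NULL;
    char *hostName = NULL;
    NCB Ncb;
    UCHAR uRetCode;
    WSADATA WSAData;
    int wsaStarted = 0;
    SOCKET sock = INVALID_SOCKET;
    SOCKADDR_IN addr_in;
    unsigned short port = 514;      /* syslog/udp */
    char sendBuf[1025];
    int msgLen;
    int rc = EXIT_FAILURE;

    /* validate the one argument before touching anything else; the original
     * dereferenced argv[1] unconditionally and crashed when run bare */
    if ( argc < 2 ) {
        printf( "usage: %s <syslog-server-ip>\n",
                ( argc > 0 && argv[0] != NULL ) ? argv[0] : "reporter" );
        return EXIT_FAILURE;
    }
    memset( &addr_in, 0, sizeof( addr_in ) );
    addr_in.sin_family = AF_INET;
    addr_in.sin_port = htons( port );
    addr_in.sin_addr.S_un.S_addr = inet_addr( argv[1] );
    /* inet_addr() reports a malformed dotted quad as INADDR_NONE; this also
     * rejects 255.255.255.255, which is not a sensible unicast collector */
    if ( addr_in.sin_addr.S_un.S_addr == INADDR_NONE ) {
        printf( "Bad syslog server address: %s\n", argv[1] );
        return EXIT_FAILURE;
    }

    userName = malloc( userNameLen );
    hostName = malloc( hostNameLen );
    if ( userName == NULL || hostName == NULL ) {
        printf( "Out of memory\n" );
        goto cleanup;
    }

    /* initializes windows sockets */
    if ( WSAStartup( MAKEWORD( 2, 0 ), &WSAData ) != 0 ) {
        printf( "WSAStartup error.Error:%d\n", WSAGetLastError() );
        goto cleanup;
    }
    wsaStarted = 1;

    /* NetBIOS: reset LANA 0, then ask it for its adapter status, which
     * carries the MAC in Adapter.adapt.adapter_address */
    memset( &Ncb, 0, sizeof( Ncb ) );
    Ncb.ncb_command = NCBRESET;
    Ncb.ncb_lana_num = 0;
    (void)Netbios( &Ncb );

    memset( &Ncb, 0, sizeof( Ncb ) );
    Ncb.ncb_command = NCBASTAT;
    Ncb.ncb_lana_num = 0;
    strcpy( (char *)Ncb.ncb_callname, "* " );
    Ncb.ncb_buffer = (PUCHAR)&Adapter;
    Ncb.ncb_length = (WORD)sizeof( Adapter );
    uRetCode = Netbios( &Ncb );
    if ( uRetCode != NRC_GOODRET ) {
        /* best effort: Adapter has static storage, so on failure the MAC is
         * reported as all zeros rather than garbage -- say so, keep going */
        printf( "Netbios NCBASTAT failed.Error:%u\n", (unsigned)uRetCode );
    }

    /* get the local user and computer name.  On failure the buffers are
     * never written, so they must not reach the %s below: that would leak
     * whatever the heap held into the syslog message. */
    if ( !GetUserName( userName, &userNameLen ) ) {
        printf( "GetUserName failed.Error:%lu\n", (unsigned long)GetLastError() );
        goto cleanup;
    }
    if ( !GetComputerName( hostName, &hostNameLen ) ) {
        printf( "GetComputerName failed.Error:%lu\n", (unsigned long)GetLastError() );
        goto cleanup;
    }

    /* open the socket */
    sock = socket( AF_INET, SOCK_DGRAM, IPPROTO_UDP );
    if ( sock == INVALID_SOCKET ) {
        printf( "Socket failed.Error:%d\n", WSAGetLastError() );
        goto cleanup;
    }
    /* connect to the windows socket */
    if ( WSAConnect( sock, (struct sockaddr *)&addr_in, sizeof( addr_in ),
                     NULL, NULL, NULL, NULL ) == SOCKET_ERROR ) {
        printf( "Connect failed.Error:%d\n", WSAGetLastError() );
        goto cleanup;
    }

    /* create the syslog message.  snprintf() (C99, available with the gcc
     * build named in the file header) bounds the write and reports
     * truncation; with UNLEN/MAX_COMPUTERNAME_LENGTH sized names it cannot
     * truncate, but the check is free. */
    msgLen = snprintf( sendBuf, sizeof( sendBuf ),
                       "<86>winLoginTracker: %s logged in from %s [%02x.%02x.%02x.%02x.%02x.%02x]",
                       userName,
                       hostName,
                       (unsigned)Adapter.adapt.adapter_address[0],
                       (unsigned)Adapter.adapt.adapter_address[1],
                       (unsigned)Adapter.adapt.adapter_address[2],
                       (unsigned)Adapter.adapt.adapter_address[3],
                       (unsigned)Adapter.adapt.adapter_address[4],
                       (unsigned)Adapter.adapt.adapter_address[5] );
    if ( msgLen < 0 || (size_t)msgLen >= sizeof( sendBuf ) ) {
        printf( "Message does not fit the send buffer\n" );
        goto cleanup;
    }

    /* send the message */
    if ( send( sock, sendBuf, msgLen, 0 ) == SOCKET_ERROR ) {
        printf( "Send failed.Error:%d\n", WSAGetLastError() );
        goto cleanup;
    }
    rc = EXIT_SUCCESS;

cleanup:
    /* closesocket(), not close(): a Winsock SOCKET is not a CRT descriptor */
    if ( sock != INVALID_SOCKET ) {
        closesocket( sock );
    }
    if ( wsaStarted ) {
        WSACleanup();
    }
    free( hostName );
    free( userName );
    return rc;
}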
- -----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iD8DBQFGyePJBV1UGXHmxCQRAphWAJ9C4fRVaskusR1Ihk6o39tufwEhuQCfSxA8
dIVIyplIdc3ncofl2O/Y3+c=
=QP6U
-----END PGP SIGNATURE-----