开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > 中间件编程 > 查看源码
jin.c
资源名称:08.zip [点击查看]
上传用户:ynjin1970
上传日期:2014-10-13
资源大小:6438k
文件大小:11k
源码类别:

中间件编程

开发平台:

Visual C++

jin.c:源码内容
  1. /****************************************************************************
  2.  *
  3.  * NAME:   Jin Automated Filesystem Security Scanner
  4.  *
  5.  * DESCRIPTION:
  6.  * -Conducts a systematic scan of the local filesystem looking for common
  7.  *  security problems.  Two different levels of scanning are available,
  8.  *  and the output can be formatted as plain text.
  9.  *
  10.  * USAGE:
  11.  *   Jin [OPTIONS]... [SCANTYPE]
  12.  *
  13.  * Available options:
  14.  *   -r        Format output in a collated report style
  15.  *   -d        Include dynamic and device directories in the scan
  16.  *   --help    Display help and usage information
  17.  *
  18.  * Scan levels: normal, verbose
  19.  *
  20.  * Example Usage:
  21.  *   Jin -r verbose
  22.  *
  23.  ****************************************************************************/
  25. #include <sys/types.h>
  26. #include <sys/stat.h>
  27. #include <unistd.h>
  28. #include <stdio.h>
  29. #include <ftw.h>
  30. #include <string.h>
  31. #include <stdlib.h>
  32.                                                                                 
  33. struct Laven
  34. {
  35.   char path[128];
  36.   struct Laven *next;
  37. };
  38.                                                                                 
  39. void initStorage();
  40. int checkFile(const char*, const struct stat*, int);
  41. void outputReport();
  42.                                                                                 
  43.                                                                                 
  44.                                                                                 
  45. struct Laven *s_isuid, *s_isgid, *s_iwoth, *ds_iwoth;
  46. struct Laven *s_isuid_cur, *s_isgid_cur, *s_iwoth_cur, *ds_iwoth_cur;
  47. struct Laven *s_isvtx;
  48. struct Laven *s_isvtx_cur;
  49. struct Laven *temp;
  50. int normal, verbose, report, dynamic;
  51. void readd();
  52. void test(char *a);
  54.                                                                                 
  55.                                                                                 
  56. int main(int argc, char **argv)//接受命令行变元的参数
  57. {
  58.   int i;
  59.                                                                                 
  60.   //initialize
  61.   normal = 0;
  62.   verbose = 0;
  63.   report = 0;
  64.   dynamic = 0;
  65.                                                                                 
  66.   //if no command line arguments, assume default run
  67.   if (argc <= 1)
  68.     normal = 1;
  69.    //print help/usage info if requested
  70.   if ((argc > 1) && (strcmp(argv[1], "--help") == 0))
  71.   {
  72.     printf("Jin, an automated file system security scanning tool.n");
  73.     printf("Usage: Jin [OPTION]... [SCANTYPE]...nn");
  74.     printf("Options:n");
  75.     printf("  -d          Include dynamic directories in scan (/tmp /dev /proc /devices)n");
  76.     printf("  -r          Format output as a categorically sorted reportn");
  77.     printf("  --help      Display this help messagenn");
  78.     printf("Scan Types:n");
  79.     printf("  normal      Basic security scan (default)n");
  80.     printf("  verbose     Extended security scann");
  81.     exit(0);
  82.   }
  83.                                                                                 
  84.   //check for command line goodies
  85.   if (argc > 1)
  86.   {
  87.     for (i = 1; i < argc; i++)
  88.     {
  89.       if (strcmp(argv[i], "-r") == 0)
  90.             report = 1;
  91.       else if (strcmp(argv[i], "-d") == 0)
  92.         dynamic = 1;
  93.       else if (strcmp(argv[i], "normal") == 0)
  94.         normal = 1;
  95.       else if (strcmp(argv[i], "verbose") == 0)
  96.         verbose = 1;
  97.       else
  98.         {
  99.           printf("Jin: invalid optionn");
  100.           printf("Usage: Jin [OPTION]... [SCANTYPE]...nn");
  101.           printf("Try 'Jin --help' for more information.nn");
  102.           exit(1);
  103.         }
  104.     }
  105.   }
  106.                                                                                 
  107.   if (report)
  108.     initStorage();
  109.                                                                                 
  110.   nftw("/", checkFile, sysconf(_SC_OPEN_MAX) - 3, 1);//遍历目录函数
  112.   if (report)
  113.     outputReport();
  114.   readd();
  115.                                                                                 
  116. }
  117.                                                                                 
  118.                                                                                 
  119. int checkFile(const char *path, const struct stat *st, int flag)
  120. {
  121.   //produce no output if we're ignoring /dev, /tmp, and /proc
  122.   if (!dynamic)
  123.   {
  124.     if ((path[0] == '/') &&
  125.         (path[1] == 'd') &&
  126.         (path[2] == 'e') &&
  127.         (path[3] == 'v') &&
  128.         (path[4] == '/'))
  129.       return(0);
  130.     if ((path[0] == '/') &&
  131.         (path[1] == 't') &&
  132.         (path[2] == 'm') &&
  133.         (path[3] == 'p') &&
  134.         (path[4] == '/'))
  135.       return(0);
  136.     if ((path[0] == '/') &&
  137.         (path[1] == 'p') &&
  138.         (path[2] == 'r') &&
  139.         (path[3] == 'o') &&
  140.         (path[4] == 'c') &&
  141.         (path[5] == '/'))
  142.       return(0);
  143.     if ((path[0] == '/') &&
  144.         (path[1] == 'd') &&
  145.         (path[2] == 'e') &&
  146.         (path[3] == 'v') &&
  147.         (path[4] == 'i') &&
  148.         (path[5] == 'c') &&
  149.         (path[6] == 'e') &&
  150.         (path[7] == 's') &&
  151.         (path[8] == '/'))
  152.       return(0);
  153.   }
  154.                                                                                 
  155.   switch(flag)
  156.   {
  157.     case FTW_F://general files
  158.       //normal checks
  159.      if ((st->st_mode & S_ISUID) != 0)
  160.         if (report)
  161.         {
  162.           strcpy(s_isuid_cur->path, path);
  163.           temp = malloc(sizeof(struct Laven));
  164.           s_isuid_cur->next = temp;
  165.           s_isuid_cur = temp;
  166.           temp->next = NULL;
  167.         }
  168.         else
  169.           printf("SUID file: %sn", path);
  170.                                                                                 
  171.       if ((st->st_mode & S_ISGID) != 0)
  172.          if (report)
  173.          {
  174.            strcpy(s_isgid_cur->path, path);
  175.            temp = malloc(sizeof(struct Laven));
  176.            s_isgid_cur->next = temp;
  177.            s_isgid_cur = temp;
  178.            temp->next = NULL;
  179.          }
  180.          else
  181.           printf("SGID file: %sn", path);
  182.       if ((st->st_mode & S_IWOTH) != 0)
  183.          if (report)
  184.          {
  185.            strcpy(s_iwoth_cur->path, path);
  186.            temp = malloc(sizeof(struct Laven));
  187.            s_iwoth_cur->next = temp;
  188.            s_iwoth_cur = temp;
  189.            temp->next = NULL;
  190.          }
  191.          else
  192.           printf("World-writeable file: %sn", path);
  193.                                                                                 
  194.       //verbose checks
  195.       if (verbose)
  196.       {
  197.         if ((st->st_mode & S_ISVTX) != 0)
  198.            if (report)
  199.            {
  200.              strcpy(s_isvtx_cur->path, path);
  201.              temp = malloc(sizeof(struct Laven));
  202.              s_isvtx_cur->next = temp;
  203.              s_isvtx_cur = temp;
  204.              temp->next = NULL;
  205.            }
  206.            else
  207.             printf("Sticky file: %sn", path);
  208.       }
  209.       break;
  210.                                                                                 
  211.     case FTW_D:    //目录文件
  212.       //normal checks
  213.      if ((st->st_mode & S_IWOTH) != 0)
  214.         if (report)
  215.         {
  216.           strcpy(ds_iwoth_cur->path, path);
  217.           temp = malloc(sizeof(struct Laven));
  218.           ds_iwoth_cur->next = temp;
  219.           ds_iwoth_cur = temp;
  220.           temp->next = NULL;
  221.         }
  222.         else
  223.           printf("World-writeable directory: %sn", path);
  225.       break;
  226.   }                                                                    
  227.   return(0);
  228. }
  229.                                                                                 
  230.                                                                                 
  231. void initStorage()
  232. {
  233.   s_isuid = malloc(sizeof(struct Laven));
  234.   s_isuid_cur = s_isuid;
  235.   s_isuid->next = NULL;
  236.                                                                                 
  237.   s_isgid = malloc(sizeof(struct Laven));
  238.   s_isgid_cur = s_isgid;
  239.    s_isgid->next = NULL;
  240.                                                                                 
  241.   s_iwoth = malloc(sizeof(struct Laven));
  242.   s_iwoth_cur = s_iwoth;
  243.   s_iwoth->next = NULL;
  244.                                                                                 
  245.   ds_iwoth = malloc(sizeof(struct Laven));
  246.   ds_iwoth_cur = ds_iwoth;
  247.   ds_iwoth->next = NULL;
  248.                                                                                 
  249.   if (verbose)
  250.   {
  251.     s_isvtx = malloc(sizeof(struct Laven));
  252.     s_isvtx_cur = s_isvtx;
  253.     s_isvtx->next = NULL;
  254.    }                                                      
  255. }
  258. void outputReport()
  259. {
  260.  FILE *fp;
  261.   fp=fopen("result.txt","w");
  262.   if(fp==NULL)
  263.    {perror("results.txt");
  264.     exit(1);
  265.     }
  266.  // fprintf(fp,"n");
  267. //  fprintf(fp,"                       Results Fromn");
  268. //  fprintf(fp,"         Jin Automated Filesystem Security Scannern");
  269.                                                                                 
  270.   //output SUID file list
  271. //  fprintf(fp,"nnSUID Filesn");
  272. //  fprintf(fp,"-----------------------------------------------------------------n");
  273.   s_isuid_cur = s_isuid;
  274.   while (s_isuid_cur->next != NULL)
  275.   {
  276.    fprintf(fp,"%sn", s_isuid_cur->path);
  277.     temp = s_isuid_cur;
  278.     s_isuid_cur = s_isuid_cur->next;
  279.     free(temp);
  280.   }
  281.                                                                                 
  282.   //output SGID file list
  283. //  fprintf(fp,"nnSGID Filesn");
  284. //  fprintf(fp,"-----------------------------------------------------------------n");
  285.   s_isgid_cur = s_isgid;
  286.   while (s_isgid_cur->next != NULL)
  287.    {
  288.     fprintf(fp,"%sn", s_isgid_cur->path);
  289.     temp = s_isgid_cur;
  290.     s_isgid_cur = s_isgid_cur->next;
  291.     free(temp);
  292.   }
  293.                                                                                 
  294.   //output "sticky" files
  295.   if (verbose)
  296.   {
  297.   //  fprintf(fp,"nn"Sticky" Filesn");
  298.   //  fprintf(fp,"-----------------------------------------------------------------n");
  299.     s_isvtx_cur = s_isvtx;
  300.     while (s_isvtx_cur->next != NULL)
  301.     {
  302.       fprintf(fp,"%sn", s_isvtx_cur->path);
  303.       temp = s_isvtx_cur->next;
  304.       s_isvtx_cur = s_isvtx_cur->next;
  305.       free(temp);
  306.      }
  307.    }
  308.  fclose(fp);
  309. }
  310.      
  312. void readd()
  313. {FILE *fp;
  314. char a[100];
  315. char ch;
  316. int i=0;
  317. if((fp=fopen("result.txt","r"))==NULL)
  318. {printf("file can't open!n");
  319. }
  320. while((ch=fgetc(fp))!=EOF)
  321. {if(ch!='n')
  322.  a[i++]=ch;
  323. else
  324. {a[i]='';
  325. test(a);  
  326. i=0;
  327. }
  328. }
  329. fclose(fp);
  330. }
  335. void test(char *a)
  336. {
  337. int i=7,j=0;
  338. char d[100];
  339. d[0]='m';
  340. d[1]='d';
  341. d[2]='5';
  342. d[3]='s';
  343. d[4]='u';
  344. d[5]='m';
  345. d[6]=' ';
  346. while(a[j]!='')
  347. d[i++]=a[j++];
  348. d[i]='';
  349. system(d);
  350. }
  352.