From 2ddbb85494cc5c2db2aa086ca23367542249f0b2 Mon Sep 17 00:00:00 2001 From: mivirl <> Date: Mon, 5 Feb 2024 09:41:51 -0600 Subject: [PATCH] client: Use global variables for configuration Use global variables for $name, $key so they don't need to be entered on every line used for configuring files and commands to be monitored --- src/client.pl | 85 +++++++++++++++++++++++++++------------------------ 1 file changed, 45 insertions(+), 40 deletions(-) diff --git a/src/client.pl b/src/client.pl index 3380507..16bae4c 100644 --- a/src/client.pl +++ b/src/client.pl @@ -10,13 +10,21 @@ my $server_port = 46515; # See what's sent and monitored at the bottom of the script +# Handle SIGINT my @child_processes; - sub stop_child_processes { kill 'INT', @child_processes; } $SIG{'INT'} = 'stop_child_processes'; + +# Register client with server +my ($hostname) = ns_system('./busybox', 'hostname'); +my ($clientName, $clientKey) = register($hostname); + + +# ------------------------------------------------------------------------------ + sub print_log { my @lines = @_; my $timestamp = strftime "%Y-%m-%d %H:%M:%S", localtime; @@ -98,7 +106,6 @@ sub register { } sub login { - my ($clientName, $clientKey) = @_; my $socket = connect_to_server; my $response = ""; $socket->send("login\n"); @@ -119,7 +126,6 @@ sub login { } sub send_info { - my ($clientName, $clientKey) = @_; my $socket = login($clientName, $clientKey); my $info = join "", ns_system('./busybox', 'sh', '-c', 'hostname; date; uname -a; lspci; lsusb; ifconfig'); $socket->send("info\n"); @@ -129,7 +135,7 @@ sub send_info { } sub send_log { - my ($clientName, $clientKey, $file) = @_; + my ($file) = @_; my $pid = fork; if ($pid) { push @child_processes, $pid; @@ -153,7 +159,6 @@ sub send_log { } sub send_processes { - my ($clientName, $clientKey) = @_; my $pid = fork; if ($pid) { push @child_processes, $pid; 
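Review bot: The new file-scope `my ($clientName, $clientKey) = register($hostname);` is never checked; if `register` returns an empty list or undef, both variables stay undef and every later `login` from the forked workers carries an undefined name and key instead of the script failing at startup (register's body is outside this hunk, so whether it dies on its own is not visible here). Suggest `die "client registration failed\n" unless defined $clientName && defined $clientKey;` directly after the assignment. The added `# Handle SIGINT` comment sits above `my @child_processes;`, which the handler only reads; a comment that names what the list holds, e.g. `# PIDs of forked workers; stop_child_processes forwards SIGINT to them`, would document both lines.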
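Review bot: `login` no longer unpacks `@_`, but its caller in the `send_info` hunk below still reads `my $socket = login($clientName, $clientKey);`, so the arguments are now silently ignored and a reader will assume login takes them. Change the call to `my $socket = login();`; the other workers' calls to `login` are outside these hunks and should get the same treatment. A short comment above `sub login`, `# Uses the file-scoped $clientName/$clientKey set by register() at startup`, would make the dependency on the globals explicit now that the signature no longer shows it.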
@@ -174,7 +179,7 @@ sub send_processes { } sub send_command_output { - my ($clientName, $clientKey, $name, @command) = @_; + my ($name, @command) = @_; my $pid = fork; if ($pid) { push @child_processes, $pid; @@ -197,7 +202,7 @@ sub send_command_output { } sub send_file { - my ($clientName, $clientKey, $file) = @_; + my ($file) = @_; my $pid = fork; if ($pid) { push @child_processes, $pid; @@ -238,22 +243,23 @@ sub send_file { } sub watch_directory { + my ($dir) = @_; my $pid = fork; if ($pid) { push @child_processes, $pid; return; } - my ($clientName, $clientKey, $dir) = @_; my $monitor = ns_systemFH('./inotifywait', '-r', '-m', '-e', 'close_write', '--format', '%w%f', $dir); while (<$monitor>) { chomp; - send_file($clientName, $clientKey, $_); + print "Watch found: $_\n"; + send_file($_); } exit; } sub capture_packets { - my ($clientName, $clientKey) = @_; + #my ($clientName, $clientKey) = @_; my $pid = fork; if ($pid) { push @child_processes, $pid; 
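Review bot: The new `print "Watch found: $_\n";` in watch_directory writes an untimestamped line to STDOUT while the file already has `print_log` (visible in the first hunk) for this purpose; use `print_log("Watch found: $_");` so events from the several forked watchers can be correlated with their send_file attempts. Naming the loop variable also keeps the path out of the global `$_` across the fork in `send_file`: `while (my $path = <$monitor>) { chomp $path; print_log("Watch found: $path"); send_file($path); }`. In capture_packets the parameter line is left as `#my ($clientName, $clientKey) = @_;` rather than deleted as in the other subs; remove it for consistency.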
@@ -263,40 +269,39 @@ sub capture_packets { exit; } -my ($hostname) = ns_system('./busybox', 'hostname'); -my ($name, $key) = register($hostname); -send_info($name, $key); +send_info(); +send_processes(); # Files, logs, and commands to send to the server # ------------------------------------------------------------------------------ # These files will have their contents sent as they are updated -send_log($name, $key, '/var/log/secure'); -send_log($name, $key, '/var/log/auth.log'); -send_log($name, $key, '/var/log/cron'); -send_log($name, $key, '/var/log/messages'); -send_log($name, $key, '/var/log/syslog'); +send_log('/var/log/secure'); +send_log('/var/log/auth.log'); +send_log('/var/log/cron'); +send_log('/var/log/messages'); +send_log('/var/log/syslog'); foreach my $logfile (get_files_recursively('/var/log')) { - send_log($name, $key, $logfile); + send_log($logfile); } # These files will be sent once -send_file($name, $key, '/etc/crontab'); # Scheduled jobs -send_file($name, $key, '/etc/group'); # Group list -send_file($name, $key, '/etc/hosts'); # IP -> hostnames -send_file($name, $key, '/etc/hosts.allow'); # Allowed hosts -send_file($name, $key, '/etc/hosts.deny'); # Denied hosts -send_file($name, $key, '/etc/inetd.conf'); # Internet service daemon configuration -send_file($name, $key, '/etc/logrotate.conf'); # Control log rotation -send_file($name, $key, '/etc/passwd'); # User list -send_file($name, $key, '/etc/securetty'); # TTY's allowing root login -send_file($name, $key, '/etc/shadow'); # User passwords -send_file($name, $key, '/etc/sudoers'); # Users who can run commands as another user (including root) -send_file($name, $key, '/etc/sysctl.conf'); # Kernel options -send_file($name, $key, '/etc/syslog.conf'); # Syslog configuration -send_file($name, $key, '/var/log/lastlog'); # Previously logged in users -send_file($name, $key, '/var/log/wmtp'); # Current logged in users +send_file('/etc/crontab'); # Scheduled jobs +send_file('/etc/group'); # Group list 
+send_file('/etc/hosts'); # IP -> hostnames +send_file('/etc/hosts.allow'); # Allowed hosts +send_file('/etc/hosts.deny'); # Denied hosts +send_file('/etc/inetd.conf'); # Internet service daemon configuration +send_file('/etc/logrotate.conf'); # Control log rotation +send_file('/etc/passwd'); # User list +send_file('/etc/securetty'); # TTY's allowing root login +send_file('/etc/shadow'); # User passwords +send_file('/etc/sudoers'); # Users who can run commands as another user (including root) +send_file('/etc/sysctl.conf'); # Kernel options +send_file('/etc/syslog.conf'); # Syslog configuration +send_file('/var/log/lastlog'); # Previously logged in users +send_file('/var/log/wmtp'); # Current logged in users foreach my $logfile (get_files_recursively('/etc/pam.d'), get_files_recursively('/etc/rc/init.d'), @@ -305,17 +310,17 @@ foreach my $logfile (get_files_recursively('/etc/pam.d'), get_files_recursively('/etc/sysconfig'), get_files_recursively('/etc/cron*'), get_files_recursively('/etc/init.d')) { - send_file($name, $key, $logfile); + send_file($logfile); } # These commands will have their output sent as they are updated -send_command_output($name, $key, 'journalctl', 'journalctl', '-f'); +send_command_output('journalctl', 'journalctl', '-f'); # These directories and their subdirectories will be watched and any new/modified files will be sent -watch_directory($name, $key, '/tmp'); -watch_directory($name, $key, '/dev/shm'); -watch_directory($name, $key, '/home'); -watch_directory($name, $key, '/etc'); +watch_directory('/tmp'); +watch_directory('/dev/shm'); +watch_directory('/home'); +watch_directory('/etc'); # ------------------------------------------------------------------------------ -- 2.39.5
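Review bot: The rewritten line `send_file('/var/log/wmtp');  # Current logged in users` looks like a typo for `/var/log/wtmp`, which records login history rather than current sessions (those live in utmp), so the path is unlikely to exist and the comment describes a different file; suggest `send_file('/var/log/wtmp'); # Login/logout history`. The new `send_processes();` call is placed above the `# Files, logs, and commands to send to the server` header while everything else that is monitored is listed below it; move it under the header or mention it there. Since `/etc/shadow` and `/etc/sudoers` are among the files shipped, how `connect_to_server` protects the channel matters, but its body is outside these hunks, so a one-line comment at the top of this section stating the assumed transport protection would help reviewers. The context line `get_files_recursively('/etc/cron*')` passes a shell glob as a literal path; whether the helper expands it is not visible here either.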