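/*
 * nektech_logger - log a filesystem operation and whether it appears to
 * originate from an SSH session.
 *
 * @inode: not used by this function.
 * @dir:   dentry handed to getfilepath() to build the path that is logged.
 * @func:  name of the operation, printed verbatim.
 *
 * Walks the ancestors of the current task, starting at the grandparent
 * (current -> shell -> sshd), and compares each comm with NEKTECH_SSH over
 * NEKTECH_STRLEN4 bytes.  On a match every socket in that task's fd table is
 * reported, and the operation is logged as a remote change; otherwise it is
 * logged as a local change.
 *
 * NOTE(review): comm is only a name and is not an authenticated identity, so
 * a match shows that an ancestor is *called* like sshd, nothing more.  Treat
 * the remote/local label as a hint when using these records as evidence.
 *
 * NOTE(review): the path, comm and func strings are logged with plain %s.
 * A file name containing a newline can therefore produce what looks like
 * additional log records; consider escaping these strings before logging.
 */
void nektech_logger (struct inode *inode, struct dentry *dir, const char *func)
{
	int err = 0;
	int sshd_found = 0;	/* set only when an ancestor really matched */
	struct task_struct *task_cb = current_thread_info() -> task;
	struct task_struct *ancestor;
	struct task_struct *next;
	char tcomm[sizeof(task_cb->comm)] = {0};
	/* Zeroed so the cleanup at "out" never frees an uninitialised pointer. */
	struct file_path filepath = {0};
	struct files_struct *files;
	struct fdtable *fdt;
	unsigned int i;
	struct socket *sock;
	int error = -EBADF;

	/*
	 * The ancestor chain and another task's fd table can change under us:
	 * hold the RCU read lock for the walk, and the ancestor's task lock
	 * while its ->files pointer is in use.
	 */
	rcu_read_lock();
	ancestor = rcu_dereference(task_cb->real_parent);
	for (;;) {
		next = rcu_dereference(ancestor->real_parent);
		if (next == ancestor)
			break;		/* reached the top of the process tree */
		ancestor = next;

		get_task_comm(tcomm, ancestor);
		if (strncmp(tcomm, NEKTECH_SSH, NEKTECH_STRLEN4) != 0)
			continue;

		sshd_found = 1;
		task_lock(ancestor);
		files = ancestor->files;
		if (files) {	/* NULL once the task has dropped its files */
			fdt = files_fdtable(files);
			for (i = 0; i < fdt->max_fds; i++) {
				struct file *file;

				file = rcu_dereference_check_fdtable(files, fdt->fd[i]);
				if (!file)
					continue;
				sock = sock_from_file(file, &error);
				if (likely(sock)) {
					/*
					 * %p matches the pointer argument (the
					 * previous %u did not).  This still puts
					 * a kernel address in the log on kernels
					 * that do not hash %p.
					 */
					printk(KERN_INFO "{NEK Tech}: SOCKET_SURVELIANCE: Socket Id: %p", sock);
				}
			}
		}
		task_unlock(ancestor);
		break;
	}
	rcu_read_unlock();

	if ((err = getfilepath (dir, &filepath)))
		goto out;

	if (sshd_found) {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Remote System"
		       "\n"
		       " IP-address = %%"
		       "\n"
		       " service =%s "
		       "\n"
		       "File =%s%s "
		       "\n"
		       "operation = %s\n",
		       tcomm, nektech_lower_path, filepath.filePathName, func);
	} else {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System "
		       "\n"
		       "terminal %%"
		       "\n"
		       " File = %s%s,"
		       "\n"
		       " operation = %s\n",
		       nektech_lower_path, filepath.filePathName, func);
	}

out:
	/*
	 * kfree(NULL) is a no-op.
	 * NOTE(review): assumes getfilepath() leaves filePathName either NULL
	 * or pointing at kmalloc'ed memory when it fails - confirm.
	 */
	kfree(filepath.filePathName);
	return;
}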
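/*
 * nektech_logger - log a filesystem operation together with the peer and
 * local IPv4 address of an SSH session, when one is found.
 *
 * @inode: not used by this function.
 * @dir:   dentry handed to getfilepath() to build the path that is logged.
 * @func:  name of the operation, printed verbatim.
 *
 * Walks the ancestors of the current task, starting at the grandparent
 * (current -> shell -> sshd), and compares each comm with NEKTECH_SSH over
 * NEKTECH_STRLEN4 bytes.  On a match the sockets in that task's fd table are
 * queried for their local and peer address.  If the two addresses differ the
 * operation is logged as a remote change, otherwise as a local one.  Without
 * a match it is logged as a local change from a terminal.
 *
 * NOTE(review): attribution is heuristic.  comm is only a name, and the
 * addresses come from whichever AF_INET socket is scanned last in the
 * matching task's fd table, which need not belong to the session that
 * triggered the operation.  Treat the logged address as a hint.
 *
 * NOTE(review): the path, comm and func strings are logged with plain %s.
 * A file name containing a newline can therefore produce what looks like
 * additional log records; consider escaping these strings before logging.
 */
void nektech_logger (struct inode *inode, struct dentry *dir, const char *func)
{
	int err = 0;
	int sshd_found = 0;	/* set only when an ancestor really matched */
	struct task_struct *task_cb = current_thread_info() -> task;
	struct task_struct *ancestor;
	struct task_struct *next;
	char tcomm[sizeof(task_cb->comm)] = {0};
	/* Zeroed so the cleanup at "out" never frees an uninitialised pointer. */
	struct file_path filepath = {0};
	struct files_struct *files;
	struct fdtable *fdt;
	unsigned int i;
	struct socket *sock;
	int error = -EBADF;
	int len;
	char ipstr[128] = {0};		/* peer address, text form */
	char ipstr1[128] = {0};		/* local address, text form */
	struct sockaddr_storage addr, addr1;

	/*
	 * The ancestor chain and another task's fd table can change under us:
	 * hold the RCU read lock for the walk, and the ancestor's task lock
	 * while its ->files pointer is in use.
	 *
	 * NOTE(review): the getname calls below now run under these locks.
	 * Confirm they cannot sleep on the target kernel; if they can, take a
	 * reference on the file and query it after dropping the locks.
	 */
	rcu_read_lock();
	ancestor = rcu_dereference(task_cb->real_parent);
	for (;;) {
		next = rcu_dereference(ancestor->real_parent);
		if (next == ancestor)
			break;		/* reached the top of the process tree */
		ancestor = next;

		get_task_comm(tcomm, ancestor);
		if (strncmp(tcomm, NEKTECH_SSH, NEKTECH_STRLEN4) != 0)
			continue;

		sshd_found = 1;
		task_lock(ancestor);
		files = ancestor->files;
		if (files) {	/* NULL once the task has dropped its files */
			fdt = files_fdtable(files);
			for (i = 0; i < fdt->max_fds; i++) {
				struct file *file;
				struct sockaddr_in *s;
				struct sockaddr_in *s1;

				file = rcu_dereference_check_fdtable(files, fdt->fd[i]);
				if (!file)
					continue;
				sock = sock_from_file(file, &error);
				if (!likely(sock))
					continue;

				/*
				 * Skip sockets whose addresses cannot be read
				 * (e.g. no peer): addr/addr1 would otherwise
				 * be examined while still uninitialised.
				 */
				len = sizeof (addr1);
				if (kernel_getsockname(sock, (struct sockaddr*)&addr1, &len) < 0)
					continue;
				len = sizeof (addr);
				if (kernel_getpeername(sock, (struct sockaddr*)&addr, &len) < 0)
					continue;

				/*
				 * Only IPv4 is reported.  Both ends are checked
				 * before either is viewed as sockaddr_in.
				 * IPv6 (AF_INET6) is reserved as a future
				 * feature and is currently ignored.
				 */
				if (addr.ss_family != AF_INET || addr1.ss_family != AF_INET)
					continue;

				s = (struct sockaddr_in *)&addr;
				s1 = (struct sockaddr_in *)&addr1;
				inet_ntop( &s->sin_addr, ipstr, sizeof ipstr);
				inet_ntop( &s1->sin_addr, ipstr1, sizeof ipstr1);
			}
		}
		task_unlock(ancestor);
		break;
	}
	rcu_read_unlock();

	if ((err = getfilepath (dir, &filepath)))
		goto out;

	if (sshd_found) {
		if (strcmp(ipstr, ipstr1)) {
			/* Peer and local address differ: remote client. */
			printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Remote System"
			       "\n"
			       " IP-address = %s"
			       "\n"
			       " service =%s "
			       "\n"
			       "File =%s%s "
			       "\n"
			       "operation = %s\n",
			       ipstr, tcomm, nektech_lower_path, filepath.filePathName, func);
			printk(KERN_INFO "Remote IP address: %s, Local IP Address: %s\n",ipstr, ipstr1);
		} else {
			/* Same address on both ends (or none was found). */
			printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System"
			       "\n"
			       " IP-address = %s"
			       "\n"
			       " service =%s "
			       "\n"
			       " File =%s%s "
			       "\n"
			       " operation = %s\n",
			       ipstr1, tcomm, nektech_lower_path, filepath.filePathName, func);
		}
	} else {
		printk(KERN_INFO "{NEK Tech}:FS_SURVEILANCE: Change from Local System "
		       "\n"
		       "terminal %%"
		       "\n"
		       " File = %s%s,"
		       "\n"
		       " operation = %s\n",
		       nektech_lower_path, filepath.filePathName, func);
	}

out:
	/*
	 * kfree(NULL) is a no-op.
	 * NOTE(review): assumes getfilepath() leaves filePathName either NULL
	 * or pointing at kmalloc'ed memory when it fails - confirm.
	 */
	kfree(filepath.filePathName);
	return;
}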