There is a task to detect successful and unsuccessful login attempts from a linux C++ application.
What is the best way to do it?
I've only found 2 ways:
1) Check /var/logs/secure by timeout
2) Use inotify on /var/logs/secure
But there is an issue, that two or more unsuccessful login attemts in /var/logs/secure look like "PAM 2 more authentication failures" and this string is not appeared in a moment of unsuccessful login.
On a decent system, /var/log/wtmp and /var/log/btmp are a best locations to check. Glibc provide functions to make its access easier: getutxent, getutxid, getutxline, etc...
Also check behaviour of utmpdump -f /var/log/wtmp, it very close of what you want (decode wtmp and follow new events).
None of the above. It's actually much simpler:
1) Open the file
2) call read() in non-blocking mode over and over to read the data.
3) If you get -EWOULDBLOCK, then do a select(). If data is ready to read, go back to step 2.
4) If the select times out (let's say 1 second timeout), check if the file has been rotated. (Simple way: Check the ctime on the new file. But there's probably a better way. Take a look at tail -F sources..) If a new file has been created, call close() and go to 1. Otherwise, go to 3.
Also, take a look at fail2ban.
Related
I wrote a bit of code that reads/writes stuff...
I would like to add an option to read/write to UNC paths.
A bit of code:
if (boost::filesystem::exists (file_name))
{
std::ifstream in_file(file_name.c_str(), std::ios::in|std::ios::binary|std::ios::ate);
if(in_file.is_open())
{
in_file.read(...);
in_file.close();
}
}
If the network share I am trying to use has been used before, this works.
But if I try with a share from a computer that I have not seen before, I get error:
boost::filesystem::status: Logon failure: unknown user name or bad password: "\\xx\test.txt"
I'd like to avoid the exception, check the boost::filesystem::status for... what ? Looking in documentation, it seems that it can tell me if I have a regular file, or a directory... but how can I check if I have the correct permissions ?
Is there a way to actually send in the user name and password ?
Edit: found that I could call
Net Use \\yourUNC\path /user:uname password
also:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa375187(v=vs.85).aspx
I think either of these would make the code platform dependent ?
Also, if I do log in every time - in a sequence of 10000 calls, this would result in serious slowing down ?
Is there any way to check if the user is logged in ?
Note: I am using boost 1.47 - mostly windows but I'd like to be platform independent.
Thank you.
The only way I found that I can check rights was to try... catch surrounding a check for file exist call.
If the try fails, it means I don't have rights and can call system("Net Use...")
This way, I only have to log in once even if I read/write 10,000 files...
I don't like the fact that I have to use try... catch, if there is a better way, and I'll find it, I'll update - if anyone knows of a better way, please let me know.
I've got a series of cpp source file and I want to write another program to JUDGE if they can run correctly (give input and compare their output with standart output) . so how to:
call/spawn another program, and give a file to be its standard input
limit the time and memory of the child process (maybe setrlimit thing? is there any examples?)
donot let the process to read/write any file
use a file to be its standard output
compare the output with the standard output.
I think the 2nd and 3rd are the core part of this prob. Is there any way to do this?
ps. system is Linux
To do this right, you probably want to spawn the child program with fork, not system.
This allows you to do a few things. First of all, you can set up some pipes to the parent process so the parent can supply the input to the child, and capture the output from the child to compare to the expected result.
Second, it will let you call seteuid (or one of its close relatives like setreuid) to set the child process to run under a (very) limited user account, to prevent it from writing to files. When fork returns in the parent, you'll want to call setrlimit to limit the child's CPU usage.
Just to be clear: rather than directing the child's output to a file, then comparing that to the expected output, I'd capture the child's output directly via a pipe to the parent. From there the parent can write the data to a file if desired, but can also compare the output directly to what's expected, without going through a file.
std::string command = "/bin/local/app < my_input.txt > my_output_file.txt 2> my_error_file.txt";
int rv = std::system( command.c_str() );
1) The system function from the STL allows you to execute a program (basically as if invoked from a shell). Note that this approach is inherenly insecure, so only use it in a trusted environment.
2) You will need to use threads to be able to achieve this. There are a number of thread libraries available for C++, but I cannot give you recommendation.
[After edit in OP's post]
3) This one is harder. You either have to write a wrapper that monitors read/write access to files or do some Linux/Unix privilege magic to prevent it from accessing files.
4) You can redirect the output of a program (that it thinks goes to the standard output) by adding > outFile.txt after the way you would normally invoke the program (see 1)) -- e.g. otherapp > out.txt
5) You could run diff on the saved file (from 3)) to the "golden standard"/expected output captured in another file. Or use some other method that better fits your need (for example you don't care about certain formatting as long as the "content" is there). -- This part is really dependent on your needs. diff does a basic comparing job well.
I have a C++ program which is mainly used for video processing. Inside the program, I am launching the system command in order to obtain pass the processed videos to some other binaries to postprocess them.
I have a while loop towards infinite and I am launching the system command inside the loop every time. The thing is that at a certain point I am receiving the -1 return code from the system command. What could be the reason for that?
Inside the system command I am just calling a binary file with the adequate parameters from the main project.
The system command which I want to execute is actually a shell file.
In this file I am extracting the main feature from the video and passing them through a SVM model from a 3D party library in order to obtain the the desired classification.
./LiveGestureKernel ./Video ./SvmVideo
./mat4libsvm31 -l SvmVideoLabels < SvmVideo > temp_test_file
./svm-predict temp_test_file svm_model temp_output_file
cat < temp_output_file
rm -f temp_*
After a certain number of iterations through the while loop, it just won't execute the script file and I cannot figure out the reason for this. Thanks!
If you get -1 from the call to system(), you should first examine the contents of errno - that will most likely tell you what your specific problem is.
The one thing to watch out for is that the return value from system is an implementation-defined one in the case where you pass it a non-NULL command, so it's possible that -1 may be coming from your actual executable.
Your best bet in that case is to print out (or otherwise log) the command being executed on failure (and possibly all the time), so that you can check what happens with the same arguments when you execute it directly from a command line or shell.
I am using Qsettings for non gui products to store its settings into xml files. This is written as a library which gets used in C, C++ programs. There will be 1 xml file file for each product. Each product might have more than one sub products and they are written into xml by subproduct grouping as follows -
File: "product1.xml"
<product1>
<subproduct1>
<settings1>..</settings1>
....
<settingsn>..</settingsn>
</subproduct1>
...
<subproductn>
<settings1>..</settings1>
....
<settingsn>..</settingsn>
</subproductn>
</product1>
File: productn.xml
<productn>
<subproduct1>
<settings1>..</settings1>
....
<settingsn>..</settingsn>
</subproduct1>
...
<subproductn>
<settings1>..</settings1>
....
<settingsn>..</settingsn>
</subproductn>
</productn>
The code in one process does the following -
settings = new QSettings("product1.xml", XmlFormat);
settings.setValue("settings1",<value>)
sleep(20);
settings.setValue("settings2", <value2>)
settings.sync();
When the first process goes to sleep, I start another process which does the following -
settings = new QSettings("product1.xml", XmlFormat);
settings.remove("settings1")
settings.setValue("settings3", <value3>)
settings.sync();
I would expect the settings1 to go away from product1.xml file but it still persist in the file - product1.xml at the end of above two process. I am not using QCoreApplication(..) in my settings library. Please point issues if there is anything wrong in the above design.
This is kind of an odd thing that you're doing, but one thing to note is that the sync() call is what actually writes the file to disk. In this case if you want your second process to actually see the changes you've made, then you'll need to call sync() before your second process accesses the file in order to guarantee that it will actually see your modifications. Thus I would try putting a settings.sync() call right before your sleep(20)
Maybe you have to do delete settings; after the sync() to make sure it is not open, then do the writing in the other process?
Does this compile? What implementation of XmlFormat are you using and which OS? There must be some special code in your project for storing / reading to and from Xml - there must be something in this code which works differently from what you expect.
What is the fastest method in C++, to read a new line from a file which is written by another process. Or how my program can be notified that there is a new line in file so read it? (in linux)
The fastest method is to use pipes or events (for Windows apps).
If you still want use files, first of all that you really need, making sure, that a file has been really modified (use seek and compare it with prew value). Than go to the 'last val of seek' and read it.
And it will be better use mutex (if you read data from file).
Assuming the OS supports concurrent file access, all you should need to do is seek to EOF, wait for the stat to change then try to read from the file. You might want to add in a sleep to slow down the loop.
The 'tail' command on POISX (with the -f option) implements this - source code is available.
From the top of my head, did u tried something like this:
Count the lines in a file, store it.
Get the size of the file (google it, i dont want to ruin the fun :D ).
Then try to read from the last line u stored when size of the file changes... and again and again.
Have fun :)
Use inotify to get notification about file changes and then reread from your last pos if the file is now larger then before.