diff --git a/kippo/commands/__init__.py b/kippo/commands/__init__.py index cf40a4b..6232efa 100644 --- a/kippo/commands/__init__.py +++ b/kippo/commands/__init__.py @@ -11,4 +11,5 @@ __all__ = [ 'apt', 'dice', 'adduser', + 'last', ] diff --git a/kippo/commands/last.py b/kippo/commands/last.py new file mode 100644 index 0000000..5049512 --- /dev/null +++ b/kippo/commands/last.py @@ -0,0 +1,24 @@ +# Copyright (c) 2009 Upi Tamminen +# See the COPYRIGHT file for more information + +from kippo.core.honeypot import HoneyPotCommand +from kippo.core.fs import * +from kippo.core.config import config +from kippo.core import utils +import stat, time, anydbm + +commands = {} + +class command_last(HoneyPotCommand): + def call(self): + db = anydbm.open('%s/lastlog.db' % \ + config().get('honeypot', 'data_path'), 'c') + count = 0 + for k in sorted(db.iterkeys(), reverse=True): + self.writeln(db[k]) + count += 1 + if count >= 25: + break +commands['/usr/bin/last'] = command_last + +# vim: set sw=4 et: diff --git a/kippo/core/honeypot.py b/kippo/core/honeypot.py index 34bf1f7..ce86823 100644 --- a/kippo/core/honeypot.py +++ b/kippo/core/honeypot.py @@ -13,7 +13,7 @@ from zope.interface import implements from copy import deepcopy, copy import sys, os, random, pickle, time, stat, shlex, anydbm -from kippo.core import ttylog, fs +from kippo.core import ttylog, fs, utils from kippo.core.config import config import commands 
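Review bot: In `command_last.call` the keys are sorted as strings, but `addToLastlog` in kippo/core/utils.py writes them as `str(len(db)+1)`, so once there are ten or more entries the order is lexicographic ('9' sorts above '12') and the newest sessions are no longer listed first. Sort numerically instead: `for k in sorted(db.iterkeys(), key=int, reverse=True):`. The handle returned by `anydbm.open` is also never closed in this method, unlike in `addToLastlog`; add `db.close()` after the loop. `stat`, `time`, `utils` and the `from kippo.core.fs import *` names appear unused in this file and could be dropped.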
@@ -160,8 +160,19 @@ class HoneyPotProtocol(recvline.HistoricRecvLine): '\x03': self.handle_CTRL_C, }) + def lastlogExit(self): + starttime = time.strftime('%a %b %d %H:%M', + time.localtime(self.logintime)) + endtime = time.strftime('%H:%M', + time.localtime(time.time())) + duration = utils.durationHuman(time.time() - self.logintime) + utils.addToLastlog('root\tpts/0\t%s\t%s - %s (%s)' % \ + (self.clientIP, starttime, endtime, duration)) + def connectionLost(self, reason): recvline.HistoricRecvLine.connectionLost(self, reason) + self.lastlogExit() + # not sure why i need to do this: del self.fs del self.commands diff --git a/kippo/core/utils.py b/kippo/core/utils.py new file mode 100644 index 0000000..acd9de1 --- /dev/null +++ b/kippo/core/utils.py @@ -0,0 +1,41 @@ +# Copyright (c) 2010 Upi Tamminen +# See the COPYRIGHT file for more information + +import time, anydbm +from kippo.core.config import config + +def addToLastlog(message): + db = anydbm.open('%s/lastlog.db' % \ + config().get('honeypot', 'data_path'), 'c') + db[str(len(db)+1)] = message + db.close() + +def durationHuman(seconds): + seconds = long(round(seconds)) + minutes, seconds = divmod(seconds, 60) + hours, minutes = divmod(minutes, 60) + days, hours = divmod(hours, 24) + years, days = divmod(days, 365.242199) + + sdays = str(days) + syears = str(years) + sseconds = str(seconds).rjust(2, '0') + sminutes = str(minutes).rjust(2, '0') + shours = str(hours).rjust(2, '0') + + duration = [] + if years > 0: + duration.append('%s year' % syears + 's'*(years != 1) + ' ') + else: + if days > 0: + duration.append('%s day' % sdays + 's'*(days != 1) + ' ') + if hours > 0: + duration.append('%s:' % shours) + if minutes >= 0: + duration.append('%s:' % sminutes) + if seconds >= 0: + duration.append('%s' % sseconds) + + return ''.join(duration) + +# vim: set sw=4 et: diff --git a/txtcmds/usr/bin/last b/txtcmds/usr/bin/last deleted file mode 100644 index 54ddb75..0000000 --- a/txtcmds/usr/bin/last +++ /dev/null 
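Review bot: `connectionLost` now calls `self.lastlogExit()` before the `del self.fs` / `del self.commands` cleanup, so any exception raised while writing the lastlog entry skips that cleanup. `lastlogExit` reads `self.logintime`, which is not assigned in this hunk (presumably set at login, outside the visible lines), and it opens the database through `utils.addToLastlog`, so a connection dropped early or a database error could both raise here. I would run the cleanup first, or wrap the call in a `try`/`except Exception` that logs the failure and continues. `time.time()` is also read twice, so capture it once (`now = time.time()`) to keep the end time and the duration consistent. The class body continues outside the hunk.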
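Review bot: In `durationHuman`, `divmod(days, 365.242199)` turns both `years` and `days` into floats, so any session of a day or longer renders as `1.0 day ...`. Use an integer divisor, e.g. `years, days = divmod(days, 365)`. The `minutes >= 0` and `seconds >= 0` tests are always true, so a short session comes out as `MM:SS`. The static `last` file this commit removes showed `(00:24)` for a 07:39 - 08:03 session, i.e. `HH:MM`, so the generated entries read differently from real `last` output and are an easy tell that the host is emulated. Formatting the lastlog duration as `'%02d:%02d' % (hours, minutes)` would match. A docstring on `addToLastlog` noting that keys are 1-based insertion counters stored as strings would also help readers of `last.py`.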
@@ -1,3 +0,0 @@
-root pts/7 10.94.2.240 Thu Apr 1 07:39 - 08:03 (00:24)
-
-wtmp begins Thu Apr 1 07:39:20 2010