Issue #16:

Last 25 users connecting to honeypot will be seen using 'last'.
anydbm database, logs all in a last-like format.

(by jfbethlehem)



git-svn-id: https://kippo.googlecode.com/svn/trunk@140 951d7100-d841-11de-b865-b3884708a8e2

kippo/commands/__init__.py

@@ -11,4 +11,5 @@ __all__ = [
     'apt',
     'dice',
     'adduser',
+    'last',
     ]

kippo/commands/last.py

@@ -0,0 +1,24 @@
+# Copyright (c) 2009 Upi Tamminen <desaster@gmail.com>
+# See the COPYRIGHT file for more information
+
+from kippo.core.honeypot import HoneyPotCommand
+from kippo.core.fs import *
+from kippo.core.config import config
+from kippo.core import utils
+import stat, time, anydbm
+
+commands = {}
+
+class command_last(HoneyPotCommand):
+    def call(self):
+        db = anydbm.open('%s/lastlog.db' % \
+            config().get('honeypot', 'data_path'), 'c')
+        count = 0
+        for k in sorted(db.iterkeys(), reverse=True):
+            self.writeln(db[k])
+            count += 1
+            if count >= 25:
+                break
+commands['/usr/bin/last'] = command_last
+
+# vim: set sw=4 et:

kippo/core/honeypot.py

@@ -13,7 +13,7 @@ from zope.interface import implements
 from copy import deepcopy, copy
 import sys, os, random, pickle, time, stat, shlex, anydbm
 
-from kippo.core import ttylog, fs
+from kippo.core import ttylog, fs, utils
 from kippo.core.config import config
 import commands
 
@@ -160,8 +160,19 @@ class HoneyPotProtocol(recvline.HistoricRecvLine):
             '\x03':     self.handle_CTRL_C,
             })
 
+    def lastlogExit(self):
+        starttime = time.strftime('%a %b %d %H:%M',
+            time.localtime(self.logintime))
+        endtime = time.strftime('%H:%M',
+            time.localtime(time.time()))
+        duration = utils.durationHuman(time.time() - self.logintime)
+        utils.addToLastlog('root\tpts/0\t%s\t%s - %s (%s)' % \
+            (self.clientIP, starttime, endtime, duration))
+
     def connectionLost(self, reason):
         recvline.HistoricRecvLine.connectionLost(self, reason)
+        self.lastlogExit()
+
         # not sure why i need to do this:
         del self.fs
         del self.commands

kippo/core/utils.py

@@ -0,0 +1,41 @@
+# Copyright (c) 2010 Upi Tamminen <desaster@gmail.com>
+# See the COPYRIGHT file for more information
+
+import time, anydbm
+from kippo.core.config import config
+
+def addToLastlog(message):
+    db = anydbm.open('%s/lastlog.db' % \
+        config().get('honeypot', 'data_path'), 'c')
+    db[str(len(db)+1)] = message
+    db.close()
+
+def durationHuman(seconds):
+    seconds = long(round(seconds))
+    minutes, seconds = divmod(seconds, 60)
+    hours, minutes = divmod(minutes, 60)
+    days, hours = divmod(hours, 24)
+    years, days = divmod(days, 365.242199)
+ 
+    sdays = str(days)
+    syears = str(years)
+    sseconds = str(seconds).rjust(2, '0')
+    sminutes = str(minutes).rjust(2, '0')
+    shours = str(hours).rjust(2, '0')
+
+    duration = []
+    if years > 0:
+        duration.append('%s year' % syears + 's'*(years != 1) + ' ')
+    else:
+        if days > 0:
+            duration.append('%s day' % sdays + 's'*(days != 1) + ' ')
+        if hours > 0:
+            duration.append('%s:' % shours)
+        if minutes >= 0:
+            duration.append('%s:' % sminutes)
+        if seconds >= 0:
+            duration.append('%s' % sseconds)
+
+    return ''.join(duration)
+
+# vim: set sw=4 et:

txtcmds/usr/bin/last

@@ -1,3 +0,0 @@
-root     pts/7        10.94.2.240 Thu Apr  1 07:39 - 08:03  (00:24)
-
-wtmp begins Thu Apr  1 07:39:20 2010