Diffstat (limited to 'src/firemon/firemon.c')
-rw-r--r-- | src/firemon/firemon.c | 137 |
1 files changed, 79 insertions, 58 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 3140c5f70..b63e37444 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c | |||
@@ -25,7 +25,6 @@ | |||
25 | #include <grp.h> | 25 | #include <grp.h> |
26 | #include <sys/stat.h> | 26 | #include <sys/stat.h> |
27 | 27 | ||
28 | |||
29 | static int arg_route = 0; | 28 | static int arg_route = 0; |
30 | static int arg_arp = 0; | 29 | static int arg_arp = 0; |
31 | static int arg_tree = 0; | 30 | static int arg_tree = 0; |
@@ -35,6 +34,9 @@ static int arg_caps = 0; | |||
35 | static int arg_cpu = 0; | 34 | static int arg_cpu = 0; |
36 | static int arg_cgroup = 0; | 35 | static int arg_cgroup = 0; |
37 | static int arg_x11 = 0; | 36 | static int arg_x11 = 0; |
37 | static int arg_top = 0; | ||
38 | static int arg_list = 0; | ||
39 | static int arg_netstats = 0; | ||
38 | int arg_nowrap = 0; | 40 | int arg_nowrap = 0; |
39 | 41 | ||
40 | static struct termios tlocal; // startup terminal setting | 42 | static struct termios tlocal; // startup terminal setting |
@@ -62,17 +64,6 @@ int find_child(int id) { | |||
62 | return -1; | 64 | return -1; |
63 | } | 65 | } |
64 | 66 | ||
65 | // drop privileges | ||
66 | void firemon_drop_privs(void) { | ||
67 | // drop privileges | ||
68 | if (setgroups(0, NULL) < 0) | ||
69 | errExit("setgroups"); | ||
70 | if (setgid(getgid()) < 0) | ||
71 | errExit("setgid/getgid"); | ||
72 | if (setuid(getuid()) < 0) | ||
73 | errExit("setuid/getuid"); | ||
74 | } | ||
75 | |||
76 | // sleep and wait for a key to be pressed | 67 | // sleep and wait for a key to be pressed |
77 | void firemon_sleep(int st) { | 68 | void firemon_sleep(int st) { |
78 | if (terminal_set == 0) { | 69 | if (terminal_set == 0) { |
@@ -129,53 +120,44 @@ int main(int argc, char **argv) { | |||
129 | } | 120 | } |
130 | 121 | ||
131 | // options without a pid argument | 122 | // options without a pid argument |
132 | else if (strcmp(argv[i], "--top") == 0) { | 123 | else if (strcmp(argv[i], "--top") == 0) |
133 | top(); // never to return | 124 | arg_top = 1; |
134 | } | 125 | else if (strcmp(argv[i], "--list") == 0) |
135 | else if (strcmp(argv[i], "--list") == 0) { | 126 | arg_list = 1; |
136 | list(); | 127 | else if (strcmp(argv[i], "--tree") == 0) |
137 | return 0; | 128 | arg_tree = 1; |
138 | } | ||
139 | else if (strcmp(argv[i], "--netstats") == 0) { | 129 | else if (strcmp(argv[i], "--netstats") == 0) { |
140 | struct stat s; | 130 | struct stat s; |
141 | if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) { | 131 | if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) { |
142 | fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n"); | 132 | fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n"); |
143 | exit(1); | 133 | exit(1); |
144 | } | 134 | } |
145 | 135 | arg_netstats = 1; | |
146 | netstats(); | ||
147 | return 0; | ||
148 | } | 136 | } |
149 | 137 | ||
150 | 138 | ||
151 | // cumulative options with or without a pid argument | 139 | // cumulative options with or without a pid argument |
152 | else if (strcmp(argv[i], "--x11") == 0) { | 140 | else if (strcmp(argv[i], "--x11") == 0) |
153 | arg_x11 = 1; | 141 | arg_x11 = 1; |
154 | } | 142 | else if (strcmp(argv[i], "--cgroup") == 0) |
155 | else if (strcmp(argv[i], "--cgroup") == 0) { | ||
156 | arg_cgroup = 1; | 143 | arg_cgroup = 1; |
157 | } | 144 | else if (strcmp(argv[i], "--cpu") == 0) |
158 | else if (strcmp(argv[i], "--cpu") == 0) { | ||
159 | arg_cpu = 1; | 145 | arg_cpu = 1; |
160 | } | 146 | else if (strcmp(argv[i], "--seccomp") == 0) |
161 | else if (strcmp(argv[i], "--seccomp") == 0) { | ||
162 | arg_seccomp = 1; | 147 | arg_seccomp = 1; |
163 | } | 148 | else if (strcmp(argv[i], "--caps") == 0) |
164 | else if (strcmp(argv[i], "--caps") == 0) { | ||
165 | arg_caps = 1; | 149 | arg_caps = 1; |
166 | } | ||
167 | else if (strcmp(argv[i], "--tree") == 0) { | ||
168 | arg_tree = 1; | ||
169 | } | ||
170 | else if (strcmp(argv[i], "--interface") == 0) { | 150 | else if (strcmp(argv[i], "--interface") == 0) { |
151 | if (getuid() != 0) { | ||
152 | fprintf(stderr, "Error: you need to be root to run this command\n"); | ||
153 | exit(1); | ||
154 | } | ||
171 | arg_interface = 1; | 155 | arg_interface = 1; |
172 | } | 156 | } |
173 | else if (strcmp(argv[i], "--route") == 0) { | 157 | else if (strcmp(argv[i], "--route") == 0) |
174 | arg_route = 1; | 158 | arg_route = 1; |
175 | } | 159 | else if (strcmp(argv[i], "--arp") == 0) |
176 | else if (strcmp(argv[i], "--arp") == 0) { | ||
177 | arg_arp = 1; | 160 | arg_arp = 1; |
178 | } | ||
179 | 161 | ||
180 | else if (strncmp(argv[i], "--name=", 7) == 0) { | 162 | else if (strncmp(argv[i], "--name=", 7) == 0) { |
181 | char *name = argv[i] + 7; | 163 | char *name = argv[i] + 7; |
@@ -212,27 +194,66 @@ int main(int argc, char **argv) { | |||
212 | } | 194 | } |
213 | } | 195 | } |
214 | 196 | ||
215 | if (arg_tree) | 197 | // allow only root user if /proc is mounted hidepid |
198 | if (pid_hidepid() && getuid() != 0) { | ||
199 | fprintf(stderr, "Error: /proc is mounted hidepid, you would need to be root to run this command\n"); | ||
200 | exit(1); | ||
201 | } | ||
202 | |||
203 | if (arg_top) { | ||
204 | top(); | ||
205 | return 0; | ||
206 | } | ||
207 | if (arg_list) { | ||
208 | list(); | ||
209 | return 0; | ||
210 | } | ||
211 | if (arg_netstats) { | ||
212 | netstats(); | ||
213 | return 0; | ||
214 | } | ||
215 | |||
216 | // cumulative options | ||
217 | int print_procs = 1; | ||
218 | if (arg_tree) { | ||
216 | tree((pid_t) pid); | 219 | tree((pid_t) pid); |
217 | if (arg_interface) | 220 | print_procs = 0; |
218 | interface((pid_t) pid); | 221 | } |
219 | if (arg_route) | 222 | if (arg_cpu) { |
220 | route((pid_t) pid); | 223 | cpu((pid_t) pid, print_procs); |
221 | if (arg_arp) | 224 | print_procs = 0; |
222 | arp((pid_t) pid); | 225 | } |
223 | if (arg_seccomp) | 226 | if (arg_seccomp) { |
224 | seccomp((pid_t) pid); | 227 | seccomp((pid_t) pid, print_procs); |
225 | if (arg_caps) | 228 | print_procs = 0; |
226 | caps((pid_t) pid); | 229 | } |
227 | if (arg_cpu) | 230 | if (arg_caps) { |
228 | cpu((pid_t) pid); | 231 | caps((pid_t) pid, print_procs); |
229 | if (arg_cgroup) | 232 | print_procs = 0; |
230 | cgroup((pid_t) pid); | 233 | } |
231 | if (arg_x11) | 234 | if (arg_cgroup) { |
232 | x11((pid_t) pid); | 235 | cgroup((pid_t) pid, print_procs); |
236 | print_procs = 0; | ||
237 | } | ||
238 | if (arg_x11) { | ||
239 | x11((pid_t) pid, print_procs); | ||
240 | print_procs = 0; | ||
241 | } | ||
242 | if (arg_interface) { | ||
243 | interface((pid_t) pid, print_procs); | ||
244 | print_procs = 0; | ||
245 | } | ||
246 | if (arg_route) { | ||
247 | route((pid_t) pid, print_procs); | ||
248 | print_procs = 0; | ||
249 | } | ||
250 | if (arg_arp) { | ||
251 | arp((pid_t) pid, print_procs); | ||
252 | print_procs = 0; | ||
253 | } | ||
233 | 254 | ||
234 | if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp && !arg_x11) | 255 | if (print_procs) |
235 | procevent((pid_t) pid); // never to return | 256 | procevent((pid_t) pid); |
236 | 257 | ||
237 | return 0; | 258 | return 0; |
238 | } | 259 | } |
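Review bot: With `firemon_drop_privs()` deleted (old lines 65-74), this file no longer contains any privilege drop, yet the new dispatch in `main` still gates `--interface` and the hidepid case on `getuid() != 0` (the real uid), which only matters if the binary can run with an elevated effective uid; whether `top()`, `list()`, `netstats()`, `procevent()` or the per-pid handlers now drop privileges themselves is not visible in this hunk. A short comment at the dispatch point would record that contract for the next reader, e.g. before `if (arg_top) {`: `// NOTE: no privilege drop happens here; each command function is expected to drop privileges itself (firemon_drop_privs was moved out of this file) -- confirm`. Separately, `--top`, `--list` and `--netstats` are now latched as flags and run in a fixed order with an early `return 0`, so a command line such as `--list --tree` or `--netstats --top` silently ignores the later option; rejecting more than one of these exclusive commands at parse time, or at least documenting the precedence next to the `// options without a pid argument` comment, would avoid surprising output. `main` begins outside this hunk.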