From 2913ccf84a11d9c1c19c1885738ae8e5eaeb53d1 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 3 Jul 2016 19:56:10 -0400 Subject: faudit network --- src/faudit/network.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 src/faudit/network.c (limited to 'src/faudit/network.c') diff --git a/src/faudit/network.c b/src/faudit/network.c new file mode 100644 index 000000000..697b1d1fb --- /dev/null +++ b/src/faudit/network.c @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2014-2016 Firejail Authors + * + * This file is part of firejail project + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ +#include "faudit.h" +#include +#include + +void check_ssh(void) { + printf("INFO: looking for ssh servers running on localhost\n"); + + // open socket + int sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock == -1) { + printf("Error: cannot create an IPv4 socket\n"); + return; + } + + // connect to localhost + struct sockaddr_in server; + server.sin_addr.s_addr = inet_addr("127.0.0.1"); + server.sin_family = AF_INET; + server.sin_port = htons(22); + + if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0) + printf("GOOD: SSH server not available on localhost\n"); + else { + printf("MAYBE: an SSH server is accessible on localhost\n"); + printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n"); + } + + close(sock); +} + +void network_test(void) { + check_ssh(); +} -- cgit v1.2.3-70-g09d2