From 5bef777f30c7d5c2640486d33453b8648beb1eee Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 11 Jul 2016 10:01:45 -0400
Subject: audit work
---
 src/faudit/network.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
(limited to 'src/faudit/network.c')
diff --git a/src/faudit/network.c b/src/faudit/network.c
index 0e0ad1844..cf1eede69 100644
--- a/src/faudit/network.c
+++ b/src/faudit/network.c
@@ -23,7 +23,7 @@
 #include
 #include
-void check_ssh(void) {
+static void check_ssh(void) {
 // open socket
 int sock = socket(AF_INET, SOCK_STREAM, 0);
 if (sock == -1) {
@@ -47,6 +47,30 @@ void check_ssh(void) {
 close(sock);
 }
+static void check_http(void) {
+ // open socket
+ int sock = socket(AF_INET, SOCK_STREAM, 0);
+ if (sock == -1) {
+ printf("GOOD: HTTP server not available on localhost.\n");
+ return;
+ }
+
+ // connect to localhost
+ struct sockaddr_in server;
+ server.sin_addr.s_addr = inet_addr("127.0.0.1");
+ server.sin_family = AF_INET;
+ server.sin_port = htons(80);
+
+ if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0)
+ printf("GOOD: HTTP server not available on localhost.\n");
+ else {
+ printf("MAYBE: an HTTP server is accessible on localhost. ");
+ printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n");
+ }
+
+ close(sock);
+}
+
 void check_netlink(void) {
 int sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, 0);
 if (sock == -1) {
@@ -72,5 +96,6 @@ void check_netlink(void) {
 void network_test(void) {
 check_ssh();
+ check_http();
 check_netlink();
 }
-- cgit v1.2.3-70-g09d2
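Review bot: In the new check_http, the `socket()` failure path and every `connect()` failure both print "GOOD: HTTP server not available on localhost", so a run where the probe could not be carried out at all (descriptor exhaustion, an interrupted call) reads the same as a refused connection. For an audit tool that is a false assurance; print GOOD only for the errno values that actually mean "nothing reachable" and report the rest as inconclusive, e.g. `printf("UNKNOWN: cannot test HTTP on localhost: %s\n", strerror(errno));` (this needs `<errno.h>` and `<string.h>`; the include lines are not readable on this page). The probe also covers only 127.0.0.1 port 80, so the GOOD wording claims more than was tested, since a listener on ::1 or on another port is not seen. Separately, `struct sockaddr_in server;` is filled field by field and its padding is left uninitialised; `struct sockaddr_in server = {0};` would avoid handing indeterminate bytes to `connect()`.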