From 86286babe204b6ac95a1cbc0af958e79d43655b5 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 5 Jul 2016 09:51:18 -0400 Subject: audit feature --- src/faudit/dbus.c | 2 +- src/faudit/files.c | 2 +- src/faudit/main.c | 2 +- src/faudit/network.c | 2 +- src/faudit/syscall.c | 5 +---- 5 files changed, 5 insertions(+), 8 deletions(-) (limited to 'src/faudit') diff --git a/src/faudit/dbus.c b/src/faudit/dbus.c index 5f25e7312..f7b5a221d 100644 --- a/src/faudit/dbus.c +++ b/src/faudit/dbus.c @@ -42,7 +42,7 @@ void check_session_bus(const char *sockfile) { printf("GOOD: I cannot connect to session bus. If the application misbehaves, please log a bug with the application developer.\n"); } else { - printf("MAYBE: I can connect to session bus. If this is undesirable, use \"--private-tmp\" or blacklist the socket file.\n"); + printf("MAYBE: I can connect to session bus. It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n"); } close(sock); diff --git a/src/faudit/files.c b/src/faudit/files.c index c27973358..e27d3436a 100644 --- a/src/faudit/files.c +++ b/src/faudit/files.c @@ -33,7 +33,7 @@ static void check_home_file(const char *name) { if (access(fname, R_OK) == 0) { printf("UGLY: I can access files in %s directory. ", fname); - printf("Use \"firejail --blacklist=~/%s\" to block it.\n", fname); + printf("Use \"firejail --blacklist=%s\" to block it.\n", fname); } else printf("GOOD: I cannot access files in %s directory.\n", fname); diff --git a/src/faudit/main.c b/src/faudit/main.c index df549ac3e..86d3fe4a9 100644 --- a/src/faudit/main.c +++ b/src/faudit/main.c @@ -41,7 +41,7 @@ int main(int argc, char **argv) { fprintf(stderr, "Error: cannot extract the path of the audit program\n"); return 1; } - printf("INFO: Starting %s.\n", prog); + printf("INFO: starting %s.\n", prog); // check pid namespace diff --git a/src/faudit/network.c b/src/faudit/network.c index bb3116c3b..39821cd25 100644 --- a/src/faudit/network.c +++ b/src/faudit/network.c @@ -40,7 +40,7 @@ void check_ssh(void) { if (connect(sock , (struct sockaddr *)&server , sizeof(server)) < 0) printf("GOOD: SSH server not available on localhost.\n"); else { - printf("MAYBE: An SSH server is accessible on localhost. "); + printf("MAYBE: an SSH server is accessible on localhost. "); printf("It could be a good idea to create a new network namespace using \"--net=none\" or \"--net=eth0\".\n"); } diff --git a/src/faudit/syscall.c b/src/faudit/syscall.c index 84d73a03f..7088ad340 100644 --- a/src/faudit/syscall.c +++ b/src/faudit/syscall.c @@ -79,11 +79,8 @@ void syscall_run(const char *name) { if (child < 0) errExit("fork"); if (child == 0) { - char *cmd; - if (asprintf(&cmd, "%s syscall %s", prog, name) == -1) - errExit("asprintf"); execl(prog, prog, "syscall", name, NULL); - exit(0); + exit(1); } // wait for the child to finish -- cgit v1.2.3-70-g09d2