From d77bfd2366ec79a125e0e9c526dbcac3a0b06817 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Sat, 8 Feb 2025 09:49:00 -0500 Subject: [PATCH] dorking around --- account.cc | 12 +++ account.h | 37 +++++++ audisp-example.c | 252 +++++++++++++++++++++++++++++++++++++++++++++++ main.c | 44 +++++++-- read++.cc | 23 +++++ read.c | 63 ++++++++++++ 6 files changed, 423 insertions(+), 8 deletions(-) create mode 100644 account.cc create mode 100644 account.h create mode 100644 audisp-example.c create mode 100644 read++.cc create mode 100644 read.c diff --git a/account.cc b/account.cc new file mode 100644 index 0000000..c30c977 --- /dev/null +++ b/account.cc @@ -0,0 +1,12 @@ +#include +#include +#include + +using namespace std; + +#include "account.h" + +int main(int argc, char* argv[]) { + Account account(0.0); + return EXIT_SUCCESS; +} diff --git a/account.h b/account.h new file mode 100644 index 0000000..bfb2bb5 --- /dev/null +++ b/account.h @@ -0,0 +1,37 @@ + +/* + * ===================================================================================== + * Class: Account + * Description: + * ===================================================================================== + */ +class Account +{ + public: + + /* ==================== LIFECYCLE ======================================= */ + //Account (); /* constructor */ + //Account ( const Account &other ); /* copy constructor */ + Account ( double initial_balance ) : balance(initial_balance) { + } + ~Account () { /* destructor */ + } + + /* ==================== ACCESSORS ======================================= */ + + /* ==================== MUTATORS ======================================= */ + + /* ==================== OPERATORS ======================================= */ + + Account& operator = ( const Account &other ); /* assignment operator */ + + protected: + /* ==================== DATA MEMBERS ======================================= */ + + private: + /* ==================== DATA MEMBERS ======================================= */ + + double balance; + +}; /* ----- end of class Account ----- */ + diff --git a/audisp-example.c b/audisp-example.c new file mode 100644 index 0000000..913cb63 --- /dev/null +++ b/audisp-example.c @@ -0,0 +1,252 @@ +/* audisp-example.c -- + * Copyright 2012 Red Hat Inc. + * All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Authors: + * Steve Grubb + * + * This is a sample program to demonstrate several concepts of how to + * write an audispd plugin using libauparse. It can be tested by using a + * file of raw audit records. You can generate the test file like: + * + * ausearch --start today --raw > test.log. + * + * Then you can test this app by: cat test.log | ./audisp-example + * + * It will print things to stdout. In a real program, you wouldn't + * do anything with stdout since that is likely to be pointing to /dev/null. + * + * Excluding some init/destroy items you might need to add to main, the + * event_handler function is the main place that you would modify to do + * things specific to your plugin. + * + * Also, note that for a "real" plugin, you may have to add an internal queue + * to your application. If plugins do any kind of networking or in depth + * processing of incoming events, auditd's internal queue can overflow because + * the socket connecting to the plugin's stdin get backed up. When audit has + * nowhere to put events, the kernel's audit backlog can get filled up. + * If that happens, the backlog_wait_time is consulted by the kernel which + * may have the effect of slowing down the whole system. A good design would be + * to have 2 threads, one watching for inbound events and one doing the + * processing of the events with a configurable queue in between. + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include + +/* Global Data */ +static volatile int stop = 0; +static volatile int hup = 0; +static auparse_state_t *au = NULL; + +/* Local declarations */ +static void handle_event(auparse_state_t *au, + auparse_cb_event_t cb_event_type, void *user_data); + +/* + * SIGTERM handler + */ +static void term_handler(int sig) +{ + stop = 1; +} + +/* + * SIGHUP handler: re-read config + */ +static void hup_handler(int sig) +{ + hup = 1; +} + +static void reload_config(void) +{ + hup = 0; + + /* + * Add your code here that re-reads the config file and changes + * how your plugin works. + */ +} + +int main(int argc, char *argv[]) +{ + char tmp[MAX_AUDIT_MESSAGE_LENGTH]; + struct sigaction sa; + + /* Register sighandlers */ + sa.sa_flags = 0; + sigemptyset(&sa.sa_mask); + /* Set handler for the ones we care about */ + sa.sa_handler = term_handler; + sigaction(SIGTERM, &sa, NULL); + sa.sa_handler = hup_handler; + sigaction(SIGHUP, &sa, NULL); + /* Set STDIN non-blocking */ + fcntl(0, F_SETFL, O_NONBLOCK); + + /* Initialize the auparse library */ + au = auparse_init(AUSOURCE_FEED, 0); + if (au == NULL) { + printf("audisp-example is exiting due to auparse init errors"); + return -1; + } + auparse_set_eoe_timeout(2); + auparse_add_callback(au, handle_event, NULL, NULL); + do { + fd_set read_mask; + int retval; + int read_size = 1; /* Set to 1 so it's not EOF */ + + /* Load configuration */ + if (hup) { + reload_config(); + } + do { + FD_ZERO(&read_mask); + FD_SET(0, &read_mask); + + if (auparse_feed_has_data(au)) { + struct timeval tv; + tv.tv_sec = 1; + tv.tv_usec = 0; + retval= select(1, &read_mask, NULL, NULL, &tv); + } else + retval= select(1, &read_mask, NULL, NULL, NULL); + + /* If we timed out & have events, shake them loose */ + if (retval == 0 && auparse_feed_has_data(au)) + auparse_feed_age_events(au); + + } while (retval == -1 && errno == EINTR && !hup && !stop); + + /* Now the event loop */ + if (!stop && !hup && retval > 0) { + while ((read_size = read(0, tmp, + MAX_AUDIT_MESSAGE_LENGTH)) > 0) { + auparse_feed(au, tmp, read_size); + } + } + if (read_size == 0) /* EOF */ + break; + } while (stop == 0); + + /* Flush any accumulated events from queue */ + auparse_flush_feed(au); + auparse_destroy(au); + if (stop) + printf("audisp-example is exiting on stop request\n"); + else + printf("audisp-example is exiting on stdin EOF\n"); + + return 0; +} + +/* This function shows how to dump a whole event by iterating over records */ +static void dump_whole_event(auparse_state_t *au) +{ + auparse_first_record(au); + do { + printf("%s\n", auparse_get_record_text(au)); + } while (auparse_next_record(au) > 0); + printf("\n"); +} + +/* This function shows how to dump a whole record's text */ +static void dump_whole_record(auparse_state_t *au) +{ + printf("%s: %s\n", audit_msg_type_to_name(auparse_get_type(au)), + auparse_get_record_text(au)); + printf("\n"); +} + +/* This function shows how to iterate through the fields of a record + * and print its name and raw value and interpreted value. */ +static void dump_fields_of_record(auparse_state_t *au) +{ + printf("record type %d(%s) has %d fields\n", auparse_get_type(au), + audit_msg_type_to_name(auparse_get_type(au)), + auparse_get_num_fields(au)); + + printf("line=%d file=%s\n", auparse_get_line_number(au), + auparse_get_filename(au) ? auparse_get_filename(au) : "stdin"); + + const au_event_t *e = auparse_get_timestamp(au); + if (e == NULL) { + printf("Error getting timestamp - aborting\n"); + return; + } + /* Note that e->sec can be treated as time_t data if you want + * something a little more readable */ + printf("event time: %u.%u:%lu, host=%s\n", (unsigned)e->sec, + e->milli, e->serial, e->host ? e->host : "?"); + auparse_first_field(au); + + do { + printf("field: %s=%s (%s)\n", + auparse_get_field_name(au), + auparse_get_field_str(au), + auparse_interpret_field(au)); + } while (auparse_next_field(au) > 0); + printf("\n"); +} + +/* This function receives a single complete event at a time from the auparse + * library. This is where the main analysis code would be added. */ +static void handle_event(auparse_state_t *au, + auparse_cb_event_t cb_event_type, void *user_data) +{ + int type, num=0; + + if (cb_event_type != AUPARSE_CB_EVENT_READY) + return; + + /* Loop through the records in the event looking for one to process. + We use physical record number because we may search around and + move the cursor accidentally skipping a record. */ + while (auparse_goto_record_num(au, num) > 0) { + type = auparse_get_type(au); + /* Now we can branch based on what record type we find. + This is just a few suggestions, but it could be anything. */ + switch (type) { + case AUDIT_AVC: + dump_fields_of_record(au); + break; + case AUDIT_SYSCALL: + dump_whole_record(au); + break; + case AUDIT_USER_LOGIN: + break; + case AUDIT_ANOM_ABEND: + break; + case AUDIT_MAC_STATUS: + dump_whole_event(au); + break; + default: + break; + } + num++; + } +} + diff --git a/main.c b/main.c index e1bca00..10e490b 100644 --- a/main.c +++ b/main.c @@ -5,21 +5,32 @@ enum DNA_PROTEINS { - DNA_PROTIEN_A = 0x01, - DNA_PROTIEN_T = 0x02, - DNA_PROTIEN_G = 0x04, - DNA_PROTIEN_C = 0x08, + DNA_PROTIEN_A = 1, + DNA_PROTIEN_T = 2, + DNA_PROTIEN_G = 4, + DNA_PROTIEN_C = 8, }; +void +loop() +{ + for (int i = 0 ; i < 8; i++) { + printf("i: %d\n", i); + } +} + int main() { - signed char c; - short int i; + loop(); +} + +void +nope() +{ + signed char c; // 1 byte (8 bits) printf("sizeof(c) %d\n", sizeof(c)); - printf("sizeof(i) %d\n", sizeof(i)); - printf("c: %b || %d\n", c, c); printf("A: %b\n", DNA_PROTIEN_A); @@ -29,6 +40,23 @@ main() c |= DNA_PROTIEN_A; printf("c: %b || %d\n", c, c); + c |= DNA_PROTIEN_T; + printf("c: %b || %d\n", c, c); c |= DNA_PROTIEN_G; printf("c: %b || %d\n", c, c); + c |= DNA_PROTIEN_C; + printf("c: %b || %d\n", c, c); + c |= 16 ; // upper 4 bits + printf("c: %b || %d\n", c, c); + c |= 32; // upper 4 bits + printf("c: %b || %d\n", c, c); + c |= 64; // upper 4 bits + printf("c: %b || %d\n", c, c); + c |= 128; // too far + printf("c: %b || %d\n", c, c); + c |= 256; // too far + printf("c: %b || %d\n", c, c); + c |= 512; // too far + printf("c: %b || %d\n", c, c); } + diff --git a/read++.cc b/read++.cc new file mode 100644 index 0000000..88ac647 --- /dev/null +++ b/read++.cc @@ -0,0 +1,23 @@ +#include +#include +#include + +using namespace std; + +vector collect_lines(istream& is) +{ + unordered_set s; + for (string line; getline(is, line); ) + s.insert(line); + return vector(s.begin(), s.end()); +} + +int main() { + auto lines = collect_lines(cin); + for (const string& line : lines) + cout << line << endl; + try { + + } + return 0; +} diff --git a/read.c b/read.c new file mode 100644 index 0000000..96644ae --- /dev/null +++ b/read.c @@ -0,0 +1,63 @@ +#define _GNU_SOURCE +#include +#include + +int +main(void) +{ + FILE * fp; + char * line = NULL; + size_t len = 0; + ssize_t read; + + size_t num_lines; + size_t max_len; + + fp = fopen("./genome_VINCENT_BATTS_v5_Full_20240403215609.txt", "r"); + if (fp == NULL) { + exit(EXIT_FAILURE); + } + + while ((read = getline(&line, &len, fp)) != -1) { + printf("Read line length: %zu:\n", read); + if (read > 0) { + if (line[0] == '#') { + printf("skipping a comment line ...\n"); + continue; + } + if (read > max_len) { + max_len = read; + } + num_lines++; + } + //printf("%s", line); + } + + printf("num_lines: %zu\n", num_lines); + printf("max_len: %zu\n", max_len); + + char **arr[num_lines]; + num_lines = 0; + while ((read = getline(&line, &len, fp)) != -1) { + printf("Read line length: %zu:\n", read); + if (read > 0) { + if (line[0] == '#') { + continue; + } + arr[num_lines] = &line; + num_lines++; + } + } + + int num; + printf("enter a number: "); + scanf("%d", &num); + + fclose(fp); + if (line) { + free(line); + } + + exit(EXIT_SUCCESS); +} +