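#include "monitsys.h"

#define EVENT_NUM 12
#define BUF_SIZE 1024

//gcc cpumem.c -lzmq -lpthread -L/usr/local/lib -I/usr/local/include -Wl,-rpath=/usr/local/lib/ -o cpumem

/*
 * fb_debug()/fb_assert() are not defined in this file. A commented-out
 * reference copy that used to sit here showed fb_assert(x, info) logging
 * `info` and executing `return -1` when x is false. Presumably the live
 * definitions come from monitsys.h -- confirm.
 */

/* Collector endpoint and its CURVE public key (Z85 text). The original
 * comment describes the key as the public key generated by the server. */
#define CM_SERVER_IP   "10.10.10.201"
#define CM_SERVER_PORT 7002
#define CM_SERVER_KEY  "p=lDOa9WKUKz!I9{G)uPX4@&CrV-(>tDg:kaSGzE"

/* Names of the twelve low inotify mask bits, indexed by bit number. */
char *event_str[EVENT_NUM] = {
    "IN_ACCESS",
    "IN_MODIFY",
    "IN_ATTRIB",
    "IN_CLOSE_WRITE",
    "IN_CLOSE_NOWRITE",
    "IN_OPEN",
    "IN_MOVED_FROM",
    "IN_MOVED_TO",
    "IN_CREATE",
    "IN_DELETE",
    "IN_DELETE_SELF",
    "IN_MOVE_SELF"
};

int lastnum = 0, lastlognum = 0, newloginnum = 0, lastloginnum = 0;

/* First line of /proc/stat as parsed by get_cpuoccupy(). */
typedef struct CPU_PACKED {
    char name[20];
    unsigned int user;
    unsigned int nice;
    unsigned int system;
    unsigned int idle;
} CPU_OCCUPY;

/*
 * Report records. Every one of these is handed to zmq_send() as raw struct
 * bytes (sizeof the struct), so padding, struct timeval's size and byte
 * order are part of the wire format, and any byte that is not explicitly
 * written leaves the host as-is. Always zero a record before filling it.
 */
typedef struct {
    uint uiType;                /* 1 */
    char szip[32];
    struct timeval stRcvTime;
    uint uiCpuRate;
    uint uiMemRate;
    uint uiTcpEstablishNum;
    uint uiRunningProcessNum;
    uint uiCronNum;
    char szPasswdMd5[64];
    char szGroupMd5[64];
} Msgreport;

typedef struct {
    uint uiType;                /* 2 */
    char szIp[32];
    struct timeval stRcvTime;
    char uiProcessname[32];
    uint uiProcessState;        /* 0 means enabled, 1 disabled */
} stProcessState;

typedef struct {
    uint uiType;                /* 3 */
    char szIp[32];
    struct timeval stRcvTime;
    char szFileName[32];        /* name of the modified file */
    char szFileMd5[64];         /* MD5 of that file (never filled in by this file) */
} stFileState;

typedef struct {
    uint uiType;                /* 4 */
    char szIp[32];
    struct timeval stRcvTime;
    char szPath[32];            /* monitored path */
    char szFileName[32];        /* name of the file that was added or removed */
    uint uiFileNum;             /* number of files currently in the folder */
} stFileNum;

typedef struct {
    uint uiType;                /* 5 */
    char szIp[32];
    struct timeval stRcvTime;
    char szLogFile[32];
    char szMsg[5][128];
} stLogMsg;

enum {
    CM_LOG_ROWS = sizeof(((stLogMsg *)0)->szMsg) / sizeof(((stLogMsg *)0)->szMsg[0]),
    CM_LOG_ROW_LEN = sizeof(((stLogMsg *)0)->szMsg[0])
};

/* Per-thread state handed to the inotify event handlers below. */
struct cm_watch_job {
    void *sock;                 /* connected ZMQ_REQ socket */
    const char *host_ip;        /* value copied into the record's szIp */
    const char *dir;            /* watched directory */
    const char *count_cmd;      /* file-count pipeline (directory watchers only) */
    const char *event_tag;      /* word used in the "num in ... event" message */
    const char *report_tag;     /* word used in the "type 4 ... file num" message */
};

/* Handler for one named inotify event; a non-zero return stops the watcher. */
typedef int (*cm_watch_handler)(const struct inotify_event *event,
                                const struct cm_watch_job *job);

/* Copy src into dst[cap], truncating if needed and always NUL-terminating. */
static void cm_set_field(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return;
    snprintf(dst, cap, "%s", src != NULL ? src : "");
}

/*
 * Run a fixed command line through popen() and keep its first output line.
 *
 * Returns 1 when a line was read, 0 when the command printed nothing and
 * -1 when popen() failed. The stream is closed with pclose(), which is what
 * reaps the child process. Only constant command strings may be passed in.
 */
static int cm_first_line(const char *cmd, char *out, size_t cap)
{
    FILE *pipe_fp;
    int got_line;

    out[0] = '\0';
    pipe_fp = popen(cmd, "r");
    if (pipe_fp == NULL) {
        fprintf(stdout, "execute command failed: ");
        return -1;
    }
    got_line = (fgets(out, (int)cap, pipe_fp) != NULL);
    if (!got_line)
        out[0] = '\0';
    pclose(pipe_fp);
    return got_line;
}

/*
 * Load the newest CM_LOG_ROWS lines of a file, newest first.
 *
 * Lines are read in chunks of at most CM_LOG_ROW_LEN - 1 bytes, so a longer
 * line occupies several rows. Rows are zero padded. Returns the number of
 * rows filled (0 when the file cannot be opened or is empty).
 */
static int cm_newest_lines(const char *path, char rows[CM_LOG_ROWS][CM_LOG_ROW_LEN])
{
    char ring[CM_LOG_ROWS][CM_LOG_ROW_LEN];
    char chunk[CM_LOG_ROW_LEN];
    size_t seen = 0;
    int kept;
    int k;
    FILE *fp;

    fp = fopen(path, "r");
    if (fp == NULL)
        return 0;
    memset(ring, 0, sizeof(ring));
    while (fgets(chunk, sizeof(chunk), fp) != NULL) {
        char *slot = ring[seen % CM_LOG_ROWS];

        memset(slot, 0, CM_LOG_ROW_LEN);
        memcpy(slot, chunk, strlen(chunk));
        seen++;
    }
    fclose(fp);

    kept = seen < (size_t)CM_LOG_ROWS ? (int)seen : CM_LOG_ROWS;
    for (k = 0; k < kept; k++)
        memcpy(rows[k], ring[(seen - 1 - (size_t)k) % CM_LOG_ROWS], CM_LOG_ROW_LEN);
    return kept;
}

/*
 * Create a ZMQ_REQ socket, enable CURVE towards the collector and connect.
 *
 * Every step is checked: if CURVE cannot be configured the socket is torn
 * down instead of being connected without encryption. Returns 0 on success
 * and -1 on failure; on success the caller owns *ctx_out and *sock_out.
 *
 * NOTE(review): the client key pair is generated fresh for every socket, so
 * the collector cannot recognise a host by its key -- confirm how reports
 * are authenticated on the server side.
 * NOTE(review): a REQ socket blocks in zmq_recv() until a reply arrives; if
 * the collector is unreachable the calling thread stops reporting. Consider
 * ZMQ_RCVTIMEO.
 */
static int cm_open_report_socket(void **ctx_out, void **sock_out)
{
    char endpoint[128] = {0};
    char client_pub[64] = {0};
    char client_sec[64] = {0};
    void *ctx;
    void *sock;

    ctx = zmq_ctx_new();
    if (ctx == NULL) {
        fprintf(stderr, "create zmq context faild\n");
        return -1;
    }
    sock = zmq_socket(ctx, ZMQ_REQ);
    if (sock == NULL) {
        fprintf(stderr, "create zmq socket faild\n");
        zmq_ctx_term(ctx);
        return -1;
    }

    snprintf(endpoint, sizeof(endpoint), "tcp://%s:%d", CM_SERVER_IP, CM_SERVER_PORT);
    if (zmq_setsockopt(sock, ZMQ_CURVE_SERVERKEY, CM_SERVER_KEY, strlen(CM_SERVER_KEY)) != 0
        || zmq_curve_keypair(client_pub, client_sec) != 0
        || zmq_setsockopt(sock, ZMQ_CURVE_PUBLICKEY, client_pub, strlen(client_pub)) != 0
        || zmq_setsockopt(sock, ZMQ_CURVE_SECRETKEY, client_sec, strlen(client_sec)) != 0
        || zmq_connect(sock, endpoint) != 0) {
        fprintf(stderr, "zmq CURVE setup or connect failed\n");
        zmq_close(sock);
        zmq_ctx_term(ctx);
        return -1;
    }

    *ctx_out = ctx;
    *sock_out = sock;
    return 0;
}

/* Send one record and wait for the collector's reply (REQ/REP lock-step). */
static void cm_exchange(void *sock, const void *record, size_t size,
                        char *reply, size_t reply_cap)
{
    memset(reply, 0, reply_cap);
    if (zmq_send(sock, record, size, 0) < 0) {
        /* A REQ socket may not receive before a successful send. */
        fprintf(stderr, "zmq_send failed\n");
        return;
    }
    zmq_recv(sock, reply, reply_cap - 1, 0);
}

/*
 * Read inotify events from fd until read() fails and call handler once for
 * every low mask bit (0..EVENT_NUM-1) set on an event that carries a name.
 * Events without a name (len == 0) are ignored, as before.
 */
static void cm_pump_inotify(int fd, cm_watch_handler handler,
                            const struct cm_watch_job *job)
{
    /* NOTE(review): the loop header was damaged in the copy under review;
     * "bit < EVENT_NUM" follows from the event_str[] table -- confirm. */
    char buf[BUFSIZ] __attribute__((aligned(__alignof__(struct inotify_event))));
    ssize_t len;

    while ((len = read(fd, buf, sizeof(buf))) > 0) {
        ssize_t off = 0;

        while (len - off >= (ssize_t)sizeof(struct inotify_event)) {
            const struct inotify_event *event =
                (const struct inotify_event *)&buf[off];
            ssize_t record_len = (ssize_t)(sizeof(*event) + event->len);
            int bit;

            if (record_len > len - off)
                break;      /* truncated record: never walk past the data read */
            for (bit = 0; bit < EVENT_NUM; bit++) {
                if (((event->mask >> bit) & 1) && event->len > 0) {
                    if (handler(event, job) != 0)
                        return;
                }
            }
            off += record_len;
        }
    }
}

/*
 * Common body of the four watcher threads: connect to the collector, watch
 * the given paths and dispatch events until reading fails. Only the first
 * path is mandatory, matching the original checks. Always returns NULL.
 */
static void *cm_run_watch(void *arg, const char *const *paths, size_t npaths,
                          uint32_t mask, cm_watch_handler handler,
                          struct cm_watch_job *job)
{
    void *ctx = NULL;
    void *sock = NULL;
    size_t k;
    int fd;

    job->host_ip = (const char *)arg;
    if (cm_open_report_socket(&ctx, &sock) != 0)
        return NULL;
    job->sock = sock;

    fd = inotify_init();
    if (fd < 0) {
        fprintf(stderr, "inotify_init failed\n");
        goto out_sock;
    }
    for (k = 0; k < npaths; k++) {
        if (inotify_add_watch(fd, paths[k], mask) < 0) {
            fprintf(stderr, "inotify_add_watch %s failed\n", paths[k]);
            if (k == 0)
                goto out_fd;
        }
    }
    cm_pump_inotify(fd, handler, job);

out_fd:
    close(fd);
out_sock:
    zmq_close(sock);
    zmq_ctx_term(ctx);
    return NULL;
}

/*
 * CPU usage in percent between two /proc/stat samples.
 *
 * @param o  older sample
 * @param n  newer sample
 * @return   100 * (total delta - idle delta) / total delta, or 0 when the
 *           samples are identical or inconsistent (counter went backwards).
 */
float cal_cpuoccupy(CPU_OCCUPY *o, CPU_OCCUPY *n)
{
    unsigned long old_total;
    unsigned long new_total;
    unsigned long total_delta;
    unsigned long idle_delta;

    /* Widen before adding so the sum of four counters cannot wrap at 32 bits. */
    old_total = (unsigned long)o->user + o->nice + o->system + o->idle;
    new_total = (unsigned long)n->user + n->nice + n->system + n->idle;
    if (new_total <= old_total || n->idle < o->idle)
        return 0;

    total_delta = new_total - old_total;
    idle_delta = (unsigned long)n->idle - o->idle;
    if (idle_delta > total_delta)
        return 0;
    return (float)(total_delta - idle_delta) * 100 / total_delta;
}

/*
 * Number of records `who` prints for /var/log/wtmp.
 *
 * @return the line count, or 0 when the command could not be run or printed
 *         nothing.
 */
int judgeiflogin()
{
    char line[180];
    int newnum;

    if (cm_first_line(" who /var/log/wtmp | wc -l ", line, sizeof(line)) <= 0)
        return 0;
    newnum = (int)strtol(line, NULL, 10);
    printf("newnum in bu is :%d\n", newnum);
    return newnum;
}

/*
 * Build a type-5 record holding the most recent login lines.
 *
 * The number of lines wanted is newloginnum - lastloginnum, or CM_LOG_ROWS
 * when that difference is negative or larger than the record can hold. As
 * before, one line more than wanted is requested from `tail` and the first
 * line of the output is skipped.
 *
 * The command output is read through a pipe. This removes the root-owned
 * scratch file, whose write path (/root/czl) and read path (/root/cheng)
 * did not match, and the command text contains nothing but an integer.
 * Each line is truncated to fit its 128-byte row.
 *
 * @param ip  host address copied (truncated to fit) into szIp
 * @return    the record by value; rows that were not filled are zero
 */
stLogMsg judgelogin(char *ip)
{
    stLogMsg getlogin;
    char cmd[64];
    char line[180];
    FILE *who;
    int devalue;
    int wanted;
    int row;

    memset(&getlogin, 0, sizeof(getlogin));
    getlogin.uiType = 5;
    cm_set_field(getlogin.szIp, sizeof(getlogin.szIp), ip);
    gettimeofday(&getlogin.stRcvTime, NULL);
    cm_set_field(getlogin.szLogFile, sizeof(getlogin.szLogFile), "login");

    devalue = newloginnum - lastloginnum;
    if (devalue > CM_LOG_ROWS || devalue < 0) {
        printf("devalue in loop1 is :%d\n", devalue);
        wanted = CM_LOG_ROWS;
    } else {
        printf("devalue in loop2 is :%d\n", devalue);
        wanted = devalue;
    }

    snprintf(cmd, sizeof(cmd), "who /var/log/wtmp | tail -n %d", wanted + 1);
    who = popen(cmd, "r");
    if (who == NULL) {
        fprintf(stdout, "execute command failed: ");
        return getlogin;
    }
    if (fgets(line, sizeof(line), who) != NULL) {
        for (row = 0; row < wanted && fgets(line, sizeof(line), who) != NULL; row++)
            cm_set_field(getlogin.szMsg[row], sizeof(getlogin.szMsg[row]), line);
    }
    pclose(who);
    return getlogin;
}

/*
 * Look up a process by the name on the first line of /proc/<pid>/status.
 *
 * @param pid        receives the PID of the last matching entry; left
 *                   untouched when nothing matches
 * @param task_name  name to compare against
 *
 * NOTE(review): the kernel truncates this name to 15 characters and a
 * process can choose its own, so a match shows that *a* process with this
 * name exists, not that the expected binary is running.
 */
void getPidByName(pid_t *pid, char *task_name)
{
    DIR *proc_dir;
    struct dirent *entry;

    if (pid == NULL || task_name == NULL)
        return;
    proc_dir = opendir("/proc");
    if (proc_dir == NULL)
        return;

    /* Walk every entry under /proc; only directories can be processes. */
    while ((entry = readdir(proc_dir)) != NULL) {
        char status_path[64];
        char first_line[BUF_SIZE];
        char comm[50] = "";
        FILE *fp;
        int n;

        if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
            continue;
        if (DT_DIR != entry->d_type)
            continue;

        n = snprintf(status_path, sizeof(status_path), "/proc/%s/status", entry->d_name);
        if (n < 0 || (size_t)n >= sizeof(status_path))
            continue;
        fp = fopen(status_path, "r");
        if (fp == NULL)
            continue;

        /* The entry's directory name is the PID when the name matches. */
        if (fgets(first_line, sizeof(first_line), fp) != NULL
            && sscanf(first_line, "%*s %49s", comm) == 1
            && strcmp(task_name, comm) == 0) {
            sscanf(entry->d_name, "%d", pid);
        }
        fclose(fp);
    }
    closedir(proc_dir);
}

/*
 * Fill *cpust from the first line of /proc/stat (label plus the user, nice,
 * system and idle counters). The struct is zeroed when the file cannot be
 * read or the line does not parse.
 */
void get_cpuoccupy(CPU_OCCUPY *cpust)
{
    char line[256];
    FILE *stat_fp;
    int parsed = 0;

    if (cpust == NULL)
        return;
    stat_fp = fopen("/proc/stat", "r");
    if (stat_fp != NULL) {
        if (fgets(line, sizeof(line), stat_fp) != NULL) {
            parsed = (sscanf(line, "%19s %u %u %u %u", cpust->name, &cpust->user,
                             &cpust->nice, &cpust->system, &cpust->idle) == 5);
        }
        fclose(stat_fp);
    }
    if (!parsed)
        memset(cpust, 0, sizeof(*cpust));
}

/*
 * Check the "Active:" line of `systemctl status firewalld.service`.
 *
 * @return 0 when the state word is "active", 1 otherwise (including when
 *         the command prints no such line).
 *
 * NOTE(review): when popen() itself fails this still returns 0, i.e. the
 * firewall is reported as enabled without evidence -- confirm that callers
 * want this fail-open result.
 */
int firewallcharge()
{
    char line[128];
    char label[16] = "";
    char state[16] = "";
    int rc;

    rc = cm_first_line("systemctl status firewalld.service | grep Active", line, sizeof(line));
    if (rc < 0)
        return 0;
    if (rc == 0 || sscanf(line, "%15s %15s", label, state) != 2)
        return 1;
    return strcmp(state, "active") == 0 ? 0 : 1;
}

/*
 * Number of lines printed by `ps -auxw` (the header line is included).
 *
 * @return the count, or 0 when the command could not be run.
 */
unsigned int processnum()
{
    char line[32];

    if (cm_first_line("ps -auxw | wc -l", line, sizeof(line)) <= 0)
        return 0;
    return (unsigned int)strtoul(line, NULL, 10);
}

/*
 * Number of lines printed by `crontab -l` (stderr included).
 *
 * A result of exactly one line is reported as 0, as before; that is the
 * shape of the "no crontab" message, but a crontab with a single line is
 * reported as 0 too. Comment lines in the crontab are counted.
 *
 * The listing is read through a pipe and counted by newline, so no
 * world-writable scratch file is created under /root and long entries are
 * counted once.
 */
unsigned int uiCronNum()
{
    FILE *cron;
    unsigned int cronum = 0;
    int ch;
    int prev = '\n';

    cron = popen("crontab -l 2>&1", "r");
    if (cron == NULL) {
        fprintf(stdout, "execute crontab failed: ");
        return 0;
    }
    while ((ch = fgetc(cron)) != EOF) {
        if (ch == '\n')
            cronum++;
        prev = ch;
    }
    if (prev != '\n')
        cronum++;       /* last line without a trailing newline */
    pclose(cron);

    if (cronum == 1)
        cronum = 0;
    return cronum;
}

/*
 * Number of established TCP connections according to netstat.
 *
 * `wc -l` prints a single number, so the first token is the count; the
 * earlier code parsed a second token that this pipeline never produces.
 *
 * @return the count, or 0 when the command could not be run.
 */
unsigned int processnum_tcp()
{
    char line[32];

    if (cm_first_line(" netstat -an |grep 'ESTABLISHED' |grep 'tcp' |wc -l ", line, sizeof(line)) <= 0)
        return 0;
    return (unsigned int)strtoul(line, NULL, 10);
}

/*
 * Memory usage as a whole-number percentage, taken from the "Mem" line of
 * `free -m` (used * 100 / total, integer division).
 *
 * @return the percentage, or 0 when the line is missing, does not parse or
 *         reports a total of zero.
 */
double get_memoccupy()
{
    char line[256];
    char label[20] = "";
    unsigned int total = 0;
    unsigned int used = 0;

    if (cm_first_line("free -m | grep Mem", line, sizeof(line)) <= 0)
        return 0;
    if (sscanf(line, "%19s %u %u", label, &total, &used) != 3 || total == 0)
        return 0;
    return (double)((100 * used) / total);
}

/* Store the first token of a checksum command's output in out (size cap).
 * Returns -1 when popen() failed, 0 otherwise; out is empty without output. */
static int cm_checksum_token(const char *cmd, char *out, size_t cap)
{
    char line[256];
    char token[64] = "";
    int rc;

    memset(out, 0, cap);
    rc = cm_first_line(cmd, line, sizeof(line));
    if (rc < 0)
        return -1;
    if (rc > 0 && sscanf(line, "%63s", token) == 1)
        cm_set_field(out, cap, token);
    return 0;
}

/*
 * MD5 of /etc/passwd as printed by md5sum.
 *
 * @return pointer to a static buffer that is overwritten by the next call
 *         (not thread-safe), or NULL when md5sum could not be started. The
 *         buffer is static because a local array does not outlive the call.
 *
 * NOTE(review): MD5 is not collision resistant; for tamper detection a
 * SHA-256 digest would be the stronger choice if the collector can take it.
 */
char *get_md5passwd()
{
    static char md5num[64];

    if (cm_checksum_token("md5sum /etc/passwd", md5num, sizeof(md5num)) != 0)
        return NULL;
    return md5num;
}

/*
 * MD5 of /etc/group as printed by md5sum.
 *
 * @return pointer to a static buffer that is overwritten by the next call
 *         (not thread-safe), or NULL when md5sum could not be started.
 */
char *get_md5group()
{
    static char md5group[64];

    if (cm_checksum_token("md5sum /etc/group", md5group, sizeof(md5group)) != 0)
        return NULL;
    return md5group;
}

/*
 * Start a shell command and return a stream for reading its output.
 *
 * @param pcmd  command line handed to the shell; it must never contain
 *              text taken from file names, network input or other
 *              untrusted sources
 * @return      stream to be closed with pclose(), or NULL on failure
 */
FILE *getshellvalue(char *pcmd)
{
    FILE *fstream = popen(pcmd, "r");

    if (fstream == NULL) {
        fprintf(stdout, "execute command failed: ");
        return NULL;
    }
    return fstream;
}

/*
 * Handle one event in the history directory: send a type-5 record with the
 * newest lines of the file that changed. Names starting with '.' are
 * ignored.
 *
 * The file is read directly. Its name comes from whoever can create files
 * in the watched directory, so it is never placed in a shell command line;
 * like `tac` before it, the open follows symbolic links.
 */
static int cm_on_history_event(const struct inotify_event *event,
                               const struct cm_watch_job *job)
{
    stLogMsg report;
    char reply[1024];
    char path[512];
    int rows;
    int k;
    int n;

    if (event->name[0] == '.' || strchr(event->name, '/') != NULL)
        return 0;

    memset(&report, 0, sizeof(report));
    report.uiType = 5;
    cm_set_field(report.szIp, sizeof(report.szIp), job->host_ip);
    gettimeofday(&report.stRcvTime, NULL);
    cm_set_field(report.szLogFile, sizeof(report.szLogFile), "history");
    printf("type is %d\n ip is %s\n filename is %s\n ", (int)report.uiType, report.szIp, report.szLogFile);

    n = snprintf(path, sizeof(path), "%s/%s", job->dir, event->name);
    if (n < 0 || (size_t)n >= sizeof(path))
        return 0;
    rows = cm_newest_lines(path, report.szMsg);
    for (k = 0; k < rows; k++)
        printf("cmd in struct is %s\n", report.szMsg[k]);

    cm_exchange(job->sock, &report, sizeof(report), reply, sizeof(reply));
    printf("return of history cmd is %s\n", reply);
    return 0;
}

/*
 * Handle one IN_MODIFY event under /etc: send a type-3 record naming the
 * file. The name is truncated to fit szFileName (31 characters); szFileMd5
 * is sent as zeros.
 */
static int cm_on_etc_event(const struct inotify_event *event,
                           const struct cm_watch_job *job)
{
    stFileState report;
    char reply[1024];

    if (event->name[0] == '.')
        return 0;

    memset(&report, 0, sizeof(report));
    report.uiType = 3;
    cm_set_field(report.szIp, sizeof(report.szIp), job->host_ip);
    gettimeofday(&report.stRcvTime, NULL);
    cm_set_field(report.szFileName, sizeof(report.szFileName), event->name);

    cm_exchange(job->sock, &report, sizeof(report), reply, sizeof(reply));
    printf("modify event happend\n");
    printf("file changed \n type is %d\n ip is %s\n filename is %s\n ", (int)report.uiType, report.szIp, report.szFileName);
    return 0;
}

/*
 * Handle one create/delete/move event in a counted directory: send a type-4
 * record with the file name (truncated to fit) and the current number of
 * regular files. Returns -1, which stops the watcher, when the counting
 * command cannot be started.
 */
static int cm_on_dir_event(const struct inotify_event *event,
                           const struct cm_watch_job *job)
{
    stFileNum report;
    char reply[1024];
    char line[32];

    if (event->name[0] == '.')
        return 0;

    memset(&report, 0, sizeof(report));
    cm_set_field(report.szFileName, sizeof(report.szFileName), event->name);
    printf("num in %s event happened \n", job->event_tag);
    report.uiType = 4;
    cm_set_field(report.szIp, sizeof(report.szIp), job->host_ip);
    cm_set_field(report.szPath, sizeof(report.szPath), job->dir);
    gettimeofday(&report.stRcvTime, NULL);

    if (cm_first_line(job->count_cmd, line, sizeof(line)) < 0)
        return -1;
    report.uiFileNum = (uint)strtoul(line, NULL, 10);

    printf("type 4 %s file num changed\n type is %d\n ip is %s\n path is %s\n filename is %s\n file num is %d\n\n\n\n",
           job->report_tag, (int)report.uiType, report.szIp, report.szPath,
           report.szFileName, (int)report.uiFileNum);
    cm_exchange(job->sock, &report, sizeof(report), reply, sizeof(reply));
    printf("tpye num recv is %s\n", reply);
    return 0;
}

/*
 * Thread entry: watch /tmp/dbasky/root and report the newest lines of every
 * file that is modified, created, deleted or moved there.
 *
 * @param arg  host address string used as szIp
 * @return     NULL
 *
 * NOTE(review): the watched directory lives under /tmp. Whoever may write
 * there decides what is reported as command history -- confirm its owner
 * and mode.
 */
void *get_historycmd(void *arg)
{
    static const char *const paths[] = { "/tmp/dbasky/root" };
    struct cm_watch_job job = { .dir = "/tmp/dbasky/root" };

    return cm_run_watch(arg, paths, sizeof(paths) / sizeof(paths[0]),
                        IN_MODIFY | IN_CREATE | IN_DELETE | IN_MOVED_FROM | IN_MOVED_TO,
                        cm_on_history_event, &job);
}

/*
 * Thread entry: report modifications below /etc, /etc/profile.d and
 * /etc/rc.d/init.d.
 *
 * @param arg  host address string used as szIp
 * @return     NULL
 *
 * NOTE(review): /etc/rc.local is watched as a single file. Events on a
 * watched file carry no name, and nameless events are skipped, so changes
 * to it are only seen through the /etc watch. Subdirectories other than the
 * two listed are not covered.
 */
void *monitorfile(void *arg)
{
    static const char *const paths[] = {
        "/etc", "/etc/profile.d", "/etc/rc.d/init.d", "/etc/rc.local"
    };
    struct cm_watch_job job = { .dir = "/etc" };

    return cm_run_watch(arg, paths, sizeof(paths) / sizeof(paths[0]),
                        IN_MODIFY, cm_on_etc_event, &job);
}

/*
 * Thread entry: report files appearing in or leaving /usr/local/sbin,
 * together with the number of regular files there.
 *
 * @param arg  host address string used as szIp
 * @return     NULL
 */
void *monitorfilenum(void *arg)
{
    static const char *const paths[] = { "/usr/local/sbin" };
    struct cm_watch_job job = {
        .dir = "/usr/local/sbin",
        .count_cmd = "ls -l /usr/local/sbin |grep '^-' |wc -l ",
        .event_tag = "test",
        .report_tag = "root"
    };

    return cm_run_watch(arg, paths, sizeof(paths) / sizeof(paths[0]),
                        IN_CREATE | IN_DELETE | IN_MOVED_FROM | IN_MOVED_TO,
                        cm_on_dir_event, &job);
}

/*
 * Thread entry: report entries appearing in or leaving /home, together with
 * the number of regular files there.
 *
 * @param arg  host address string used as szIp
 * @return     NULL
 */
void *monitorhomenum(void *arg)
{
    static const char *const paths[] = { "/home" };
    struct cm_watch_job job = {
        .dir = "/home",
        .count_cmd = "ls -l /home |grep '^-' |wc -l ",
        .event_tag = "home",
        .report_tag = "home"
    };

    return cm_run_watch(arg, paths, sizeof(paths) / sizeof(paths[0]),
                        IN_CREATE | IN_DELETE | IN_MOVED_FROM | IN_MOVED_TO,
                        cm_on_dir_event, &job);
}

/* NOTE(review): reportpathnum() below and the start of main() are damaged in
 * this copy (the text between a '<' and a later '>' is missing), so what is
 * left of them is kept exactly as found. */
int reportpathnum() { FILE *fd = NULL,*fp = NULL; char path[1024]="\0",b[10][128],i=0,j,num[128],cmd[128] = "\0"; unsigned int filenum = 0,allnum = 0,pathnum = 0; if(NULL==(fd = popen("echo $PATH","r"))) { fprintf(stdout,"execute command failed: "); return 0; } if (NULL == fgets(path,sizeof(path),fd)) return 0; fclose(fd); printf("date in path is %s\n",path); pathnum = strlen(path); path[pathnum-1] = '\0'; char* token = strtok(path,":"); while(token != NULL) { strcpy(b[i++],token); token = strtok(NULL,":"); if( i == 9 ) break; } for(j=0;jopen file:passwd.txt error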

"); return 0; } fscanf(fp,"%s %s %s %s",pcip,task_name,cmanager,manprocess); fclose(fp); while(1) { printf("process num is %s %s %s",task_name,cmanager,manprocess); sleep(1); } pthread_t history_cmd,filecharge,filenumcharge,homenumcharge; Msgreport mesgreport; stProcessState processstate; stFileNum pathreport; stLogMsg syslogreport,commendlog; //syslogreport = (stLogMsg*)malloc(sizeof(stLogMsg)+1); memset(&syslogreport,0, sizeof(stLogMsg)); void * ctx = zmq_ctx_new(); fb_assert(ctx, "create zmq context faild"); void *sock = zmq_socket(ctx, ZMQ_REQ); fb_assert(sock, "create zmq socket faild"); char szaddr[128] = "\0"; snprintf(szaddr, sizeof(szaddr), "tcp://%s:%d", ip, port); {//加密相关代码 char szmsg[1024] = {0}; //此密钥为服务端产生的公钥 strcpy(szmsg, "p=lDOa9WKUKz!I9{G)uPX4@&CrV-(>tDg:kaSGzE"); zmq_setsockopt(sock, ZMQ_CURVE_SERVERKEY, szmsg, strlen(szmsg)); char szpubkey[64] = {0}; char szprikey[64] = {0}; zmq_curve_keypair(szpubkey, szprikey); zmq_setsockopt(sock, ZMQ_CURVE_PUBLICKEY, szpubkey, strlen(szpubkey)); zmq_setsockopt(sock, ZMQ_CURVE_SECRETKEY, szprikey, strlen(szprikey)); } zmq_connect(sock, szaddr); int count = 0; char szmsg[1024] = {0}; bzero(szmsg, sizeof(szmsg)); // getchar(); // sleep(1); err = pthread_create(&history_cmd, NULL, get_historycmd, (void *)&pcip); //printf("have come here"); err1 = pthread_create(&filecharge, NULL, monitorfile, (void *)&pcip); err2 = pthread_create(&filenumcharge, NULL, monitorfilenum, (void *)&pcip); err3 = pthread_create(&homenumcharge, NULL, monitorhomenum, (void *)&pcip); int memory_have = 0; CPU_OCCUPY cpu_stst1; CPU_OCCUPY cpu_stst2; int cpu; while(1) { char szmsg[1024] = {0}; bzero(szmsg, sizeof(szmsg)); // snprintf(szmsg, sizeof(szmsg), "I say %d", ++count); // fb_debug("send msg : [%s]", szmsg); // zmq_send(sock, szmsg, strlen(szmsg), 0); // zmq_recv(sock, szmsg, sizeof(szmsg) - 1, 0); // fb_debug("recv msg : [%s]", szmsg); get_cpuoccupy((CPU_OCCUPY *)&cpu_stst1); sleep(1); get_cpuoccupy((CPU_OCCUPY *)&cpu_stst2); cpu = 
cal_cpuoccupy((CPU_OCCUPY *)&cpu_stst1,(CPU_OCCUPY *)&cpu_stst2); memory_have = 100*get_memoccupy(); // printf("1cpu usage:%.2f\%\n mem usage:%.2f\%\n",cpu,memory_have); mesgreport.uiType = 1; mesgreport.uiCpuRate = 100*cpu; mesgreport.uiMemRate = memory_have; stpcpy(mesgreport.szip,pcip); //printf("2cpu usage:%.2f\%\n mem usage:%.2f\%\n",mesgreport.uiCpuRate,mesgreport.uiMemRate); //printf("szip is:%s\n",mesgreport.szip); mesgreport.uiCronNum = uiCronNum(); tcpnum = processnum_tcp(); //tcpnum = 10; pronum = processnum(); mesgreport.uiTcpEstablishNum = tcpnum; mesgreport.uiRunningProcessNum = pronum; //printf("tcp and process is :%d and %d\n",tcpnum,pronum); // judgecommend(); // judgelogin(); md5passwd = get_md5passwd(); printf("test PasswdMd5 is :%s\n",md5passwd); // strcpy(mesgreport.szPasswdMd5,md5passwd); memcpy(mesgreport.szPasswdMd5,md5passwd,strlen(md5passwd)); md5group = get_md5group(); memcpy(mesgreport.szGroupMd5,md5group,strlen(md5group)); gettimeofday(&mesgreport.stRcvTime,NULL); zmq_send(sock, &mesgreport, sizeof(mesgreport), 0); zmq_recv(sock, szmsg, sizeof(szmsg) - 1, 0); printf("mestype1 recv is %s\n",szmsg); // printf("Type1 send ip is %s\n passmd5 is %s\n groupmd5 is %s\n cpurate is %d\n memrate is %d\n\n\n\n",mesgreport.szip,mesgreport.szPasswdMd5,mesgreport.szGroupMd5,mesgreport.uiCpuRate,mesgreport.uiMemRate); pid = 0 ; getPidByName(&pid, task_name); if (pid > 0) cpumemstate1 = 1; else { bzero(szmsg, sizeof(szmsg)); processstate.uiType = 2; stpcpy(processstate.szIp,pcip); gettimeofday(&processstate.stRcvTime,NULL); stpcpy(processstate.uiProcessname,"cpumem"); processstate.uiProcessState = 0; zmq_send(sock, &processstate, sizeof(processstate), 0); zmq_recv(sock, szmsg, sizeof(szmsg) - 1, 0); printf("type 2 send ip is %s\n Type is %d\n processname is %s\n processstate is %d\n\n\n\n",processstate.szIp,processstate.uiType,processstate.uiProcessname,processstate.uiProcessState); sleep(1); } cmpid = 0; getPidByName(&cmpid, cmanager); printf("pid of 
top is %d\n\n",cmpid); if (cmpid > 0) cmstate1 = 1; else{ bzero(szmsg, sizeof(szmsg)); processstate.uiType = 2; stpcpy(processstate.szIp,pcip); gettimeofday(&processstate.stRcvTime,NULL); stpcpy(processstate.uiProcessname,"configmanage"); processstate.uiProcessState = 0; zmq_send(sock, &processstate, sizeof(processstate), 0); zmq_recv(sock, szmsg, sizeof(szmsg) - 1, 0); // printf("mestype2 recv is %s\n",szmsg); printf("type 2 send ip is %s\n Type is %d\n processname is %s\n processstate is %d\n\n\n",processstate.szIp,processstate.uiType,processstate.uiProcessname,processstate.uiProcessState); sleep(1); } manpropid = 0; getPidByName(&manpropid, manprocess); if (manpropid > 0) manpstate1 = 1; else{ bzero(szmsg, sizeof(szmsg)); processstate.uiType = 2; stpcpy(processstate.szIp,pcip); gettimeofday(&processstate.stRcvTime,NULL); stpcpy(processstate.uiProcessname,"manprocess"); processstate.uiProcessState = 0; zmq_send(sock, &processstate, sizeof(processstate), 0); zmq_recv(sock, szmsg, sizeof(szmsg) - 1, 0); printf("type 2 send ip is %s\n Type is %d\n processname is %s\n processstate is %d\n\n\n",processstate.szIp,processstate.uiType,processstate.uiProcessname,processstate.uiProcessState); sleep(1); } firestate1 = firewallcharge(); if (firestate1 == 1) { bzero(szmsg, sizeof(szmsg)); processstate.uiType = 2; stpcpy(processstate.szIp,pcip); gettimeofday(&processstate.stRcvTime,NULL); stpcpy(processstate.uiProcessname,"firewall"); processstate.uiProcessState = 0; zmq_send(sock, &processstate, sizeof(processstate), 0); zmq_recv(sock, szmsg, sizeof(szmsg) - 1, 0); printf("type 2 send ip is %s\n Type is %d\n processname is %s\n processstate is %d\n\n\n",processstate.szIp,processstate.uiType,processstate.uiProcessname,processstate.uiProcessState); sleep(1); } newloginnum = judgeiflogin(); // printf("newloginnum is %d\n",newloginnum); if (newloginnum != lastloginnum) { bzero(szmsg, sizeof(szmsg)); syslogreport = judgelogin(pcip); // printf("log before send struct is %s 
\n",&commendlog.szMsg[0]); zmq_send(sock, &syslogreport, sizeof(stLogMsg), 0); zmq_recv(sock, szmsg, sizeof(szmsg) - 1, 0); // printf("mestype5 recv is %s\n",szmsg); lastloginnum = newloginnum; // printf("msg login type is %d\nip is %s\nfilename is %s\n ",syslogreport.uiType,syslogreport.szIp,syslogreport.szLogFile); // printf("szMsg0 is %s\n",syslogreport.szMsg[0]); // printf("szMsg1 is %s\n",syslogreport.szMsg[1]); // printf("szMsg2 is %s\n",syslogreport.szMsg[2]); // printf("szMsg3 is %s\n",syslogreport.szMsg[3]); // printf("szMsg4 is %s\n",syslogreport.szMsg[4]); } newpathnum = reportpathnum(); if (newpathnum != lastpathnum) { bzero(szmsg, sizeof(szmsg)); pathreport.uiType = 4; stpcpy(pathreport.szIp,pcip); stpcpy(pathreport.szPath,"path"); gettimeofday(&pathreport.stRcvTime,NULL); pathreport.uiFileNum = newpathnum; zmq_send(sock, &pathreport, sizeof(pathreport), 0); zmq_recv(sock, szmsg, sizeof(szmsg) - 1, 0); lastpathnum = newpathnum; printf("\n\npath receive is %s\n\n",szmsg); } } zmq_close(sock); zmq_ctx_term(ctx); zmq_ctx_destroy(ctx); return 0; }