2 * aulastlog.c - A lastlog program based on audit logs
3 * Copyright (c) 2008-2009,2011 Red Hat Inc., Durham, North Carolina.
6 * This software may be freely redistributed and/or modified under the
7 * terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2, or (at your option) any
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; see the file COPYING. If not, write to the
18 * Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 * Steve Grubb <sgrubb@redhat.com>
30 #include "aulastlog-llist.h"
34 fprintf(stderr, "usage: aulastlog [--stdin] [--user name]\n");
37 int main(int argc, char *argv[])
45 setlocale (LC_ALL, "");
46 for (i=1; i<argc; i++) {
47 if ((strcmp(argv[i], "--user") == 0) ||
48 (strcmp(argv[i], "-u") == 0)) {
56 } else if (strcmp(argv[i], "--stdin") == 0) {
66 // Stuff linked lists with all users
67 while ((p = getpwent()) != NULL) {
77 else if (strcmp(user, p->pw_name) == 0)
82 if (user && list_get_cnt(&l) == 0) {
83 printf("Unknown User: %s\n", user);
87 // Search for successful user logins
89 au = auparse_init(AUSOURCE_FILE_POINTER, stdin);
91 au = auparse_init(AUSOURCE_LOGS, NULL);
93 printf("Error - %s\n", strerror(errno));
96 if (ausearch_add_item(au, "type", "=", "USER_LOGIN",
97 AUSEARCH_RULE_CLEAR)){
98 printf("ausearch_add_item error - %s\n", strerror(errno));
101 if (ausearch_add_item(au, "res", "=", "success",
103 printf("ausearch_add_item error - %s\n", strerror(errno));
106 if (ausearch_set_stop(au, AUSEARCH_STOP_RECORD)){
107 printf("ausearch_set_stop error - %s\n", strerror(errno));
111 // Now scan the logs and append events
112 while (ausearch_next_event(au) > 0) {
113 const au_event_t *e = auparse_get_timestamp(au);
114 if (auparse_find_field(au, "auid")) {
115 uid_t u = auparse_get_field_int(au);
117 if (list_find_uid(&l, u)) {
120 list_update_login(&l, e->sec);
121 str = auparse_find_field(au, "hostname");
123 list_update_host(&l, str);
124 str = auparse_find_field(au, "terminal");
126 list_update_term(&l, str);
129 if (auparse_next_event(au) < 0)
134 // Now output the report
135 printf( "Username Port From"
140 const char *c, *h, *t;
141 lnode *cur = list_get_cur(&l);
143 c = "**Never logged in**";
147 btm = localtime(&cur->sec);
148 strftime(tmp, sizeof(tmp), "%x %T", btm);
157 printf("%-16s %-12.12s %-26.26s %s\n", cur->name, t, h, c);
158 } while (list_next(&l));