thp (0.4.6-9) thpfunc.pl

Summary

 thpfunc.pl |   36 +++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)

    

Patch contents

--- thp-0.4.6.orig/thpfunc.pl
+++ thp-0.4.6/thpfunc.pl
@@ -8,12 +8,17 @@
 # This is free software, released under the terms of the GNU General 
 # Public License avaiable at http://www.fsf.org/licenses/gpl.txt
 
+use POSIX qw(strftime);
+
 
 sub getip {
-$reply = `/sbin/ifconfig $intf`;
-if ($reply =~ /^.*?\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b.*/is) {
-  $thpaddr = $1
-}
+  $thpaddr = 0;
+  if ( $intf =~ /^\w+$/ ) {
+       $reply = `/sbin/ifconfig $intf`;
+       if ($reply =~ /^.*?\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b.*/is) {
+         $thpaddr = $1
+       }
+ }
 }
 
 # Since our SIDs are hex concatanations of unix time in seconds & microseconds,
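Review bot: The new guard `$intf =~ /^\w+$/` still lets a value with a trailing newline through, because `$` matches before a final "\n", so `"eth0\n"` passes and is interpolated into the backtick command on the next line; anchor with `\A`/`\z` and reassign from the capture so only the validated text reaches the shell, e.g. `if ( my ($safe) = $intf =~ /\A(\w+)\z/ ) {` followed by `$reply = \`/sbin/ifconfig $safe\`;`. Note also that `\w` rejects common interface names containing `.`, `:` or `-` (VLAN and alias interfaces), so the check silently returns `$thpaddr = 0` for those; if that is unintended, widen the class to `[\w.:-]+` with the same anchoring. Where `$intf` originates (config or command line) is outside this hunk, so whether it is attacker-influenced cannot be confirmed here.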
@@ -67,7 +72,28 @@
   if ($svcname) {
         $sid="$sid.$svcname"}
 
-  $sesslog="$logdir/$sid";
+  if ( -d "$logdir" ) {
+	  $sesslog="$logdir/$sid";
+  } else {
+	  $now = strftime "%a %b %e %H:%M:%S %Y", localtime;
+	  print ERRLOG "$now\tCannot create session directory since $logdir is not a valid directory.\n";
+	  closeout();
+# Unfortunatly, we should break at this point since we cannot log the
+# connections.
+	  exit(1);
+   }
+
+# TODO: Consider using the following code (to separate per address, maybe
+# as an option?)
+# (from simple honeypot)
+#          if ( -d "$logdir/$saddr"){
+#                  $sesslog="$logdir/$saddr/$sid";
+#           } else {
+#TODO: this should check if $saddr is safe before doing this
+#                `mkdir $logdir/$saddr`;
+#                  $sesslog="$logdir/$saddr/$sid";
+#           }
+
 
   if ($logtype eq "single") {
   @capdata = ((strftime("%b %d %T", localtime(time))), ("SID=$sid"), ("PID=$procid"), ("SRC=$saddr"), ("SPT=$sport"));
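Review bot: The new `-d "$logdir"` check only establishes that the directory exists, not that this process can create files in it, so an unwritable `$logdir` is not caught by the new error path and will surface wherever `$sesslog` is later opened, which is outside this hunk; `if ( -d $logdir && -w _ ) {` would cover both cases with the same fallback. The message written to ERRLOG says "Cannot create session directory", but the code never attempts a mkdir, so `"$logdir is not a valid directory; cannot open session logs.\n"` would describe the failure more accurately. If the commented-out per-address code is ever enabled, the TODO on it is right: `$saddr` must be validated with an anchored pattern such as `/\A\d{1,3}(?:\.\d{1,3}){3}\z/` before use, and the builtin `mkdir "$logdir/$saddr", 0700` should replace the backtick `mkdir` so no shell is involved at all.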