// Copyright 2021, johan@nosd.in
// +build freebsd
//
// godit is a search tool for BSM audit trails used by FreeBSD auditd
//

/*
% time ./godit 20211228134923.20211228151348 > godit.log
11.599u 38.235s 0:48.25 103.2% 1045+553k 1+2262168io 4pf+0w
% time praudit -l /home/yo/Dev/go/godit/20211228134923.20211228151348 > praudit.log
101.728u 7.315s 1:49.09 99.9% 10+167k 0+191152io 0pf+0w
% ./godit -V
Godit v0.03
*/

package main
import (
	"errors"
	"fmt"
	"io"
	"os"

	"github.com/spf13/pflag"
)
// version is the string reported by the -V / --version flag.
const version = "0.03"
// Package-level command-line state.
var (
	// randFlag is declared here but not referenced anywhere in this file.
	randFlag bool
	// showVersion is bound to the -V / --version flag in main.
	showVersion bool
)

// delimiter is the default separator placed between tokens of a printed record.
var delimiter = ","
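// main parses the command line, opens the audit trail named by the last
// positional argument and prints every record it contains to stdout.
//
// Diagnostics are written to stderr so they are not mixed into the record
// stream when stdout is redirected (as in the timing example at the top of
// the file), and the process exits non-zero when the trail cannot be opened
// or read.
func main() {
	var oneLine bool
	var noUserResolve bool

	pflag.BoolVarP(&oneLine, "oneline", "l", false, "Prints the entire record on the same line. If this option is not specified, every token is displayed on a different line.")
	pflag.BoolVarP(&noUserResolve, "numeric", "n", false, "Do not convert user and group IDs to their names but leave in their numeric forms.")
	pflag.BoolVarP(&showVersion, "version", "V", false, "Show version then exit")
	pflag.Parse()

	if showVersion {
		fmt.Printf("Godit v%s\n", version)
		return
	}

	// Fold the boolean switches into the PRT_* flag word handed to Print.
	var flags int
	if oneLine {
		flags += PRT_ONELINE
	}
	if noUserResolve {
		flags += PRT_NORESOLVE_USER
	}

	// The trail is the last positional (non-flag) argument. Reading it from
	// pflag.Args() instead of os.Args means that, when no trail is given, we
	// report a usage error rather than opening the program binary (or a
	// trailing flag) as if it were a trail.
	positional := pflag.Args()
	if len(positional) == 0 {
		fmt.Fprintf(os.Stderr, "usage: %s [-l] [-n] <audit trail>\n", os.Args[0])
		pflag.PrintDefaults()
		os.Exit(2)
	}
	filename := positional[len(positional)-1]

	if err := run(filename, flags); err != nil {
		os.Exit(1)
	}
}

// run prints every record of the audit trail at filename to stdout using
// the given PRT_* flags. Errors are reported on stderr (keeping the original
// messages) and returned so that main can set the exit status. The trail is
// closed when run returns.
func run(filename string, flags int) error {
	f, err := os.Open(filename)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Impossible d'ouvrir le fichier %s\n", filename)
		return err
	}
	defer f.Close() // the original never closed the trail

	for {
		rec, err := readRecordToStruct(f)
		if errors.Is(err, io.EOF) {
			// Clean end of trail: not an error.
			return nil
		}
		if err != nil {
			fmt.Fprintf(os.Stderr, "Erreur : %v\n", err)
			return err
		}
		rec.Print(os.Stdout, delimiter, flags)
	}
}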