Update watcher.c

Legal Counsel white listed… Signed-off-by: Josef Edwards <joed6834@colorado.edu>
bearycool11 · Nov 25, 2024 · 7501959 · 7501959
1 parent e189185
commit 7501959
Showing 1 changed file with 43 additions and 2 deletions.
diff --git a/watcher.c b/watcher.c
@@ -1,4 +1,9 @@
 #include "watcher.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <time.h>
 
 // Global whitelist and blacklist
 char *whitelist[] = {"62.0.0.1", "62.0.0.2"};
@@ -42,23 +47,38 @@ void monitor_logs() {
 void handle_failed_attempt(const char *ip) {
     if (is_whitelisted(ip)) return;
 
+    // Log the first attempt
+    FILE *log = fopen("/var/log/failed_attempts.log", "a");
+    if (log) {
+        fprintf(log, "Failed login attempt from %s at %ld\n", ip, time(NULL));
+        fclose(log);
+    }
+
+    // Message for the first attempt
     printf("[Watcher] State your case on why you accessed the back door. Your activity has been logged.\n");
+
+    // Add additional functions to snoop data and record input
     snoop_data_streams(ip);
     record_user_input(ip);
+
+    // Handle second attempt and block if necessary
     add_to_blacklist(ip);
     printf("[Watcher] Warning! IP %s flagged.\n", ip);
 }
 
 // Snoop Data Streams
 void snoop_data_streams(const char *ip) {
     printf("[Watcher] Snoop data streams for IP: %s\n", ip);
-    // Add snooping logic here
+    // You can capture traffic related to the IP here (e.g., using tcpdump or Wireshark)
+    char command[256];
+    snprintf(command, sizeof(command), "sudo tcpdump -i eth0 host %s -w capture.pcap", ip);
+    system(command);  // Capture traffic from the specific IP
 }
 
 // Record User Input
 void record_user_input(const char *ip) {
     printf("[Watcher] Record user input for IP: %s\n", ip);
-    // Add user input recording logic here
+    // You can implement logic to capture user input here if necessary
 }
 
 // Check if IP is Whitelisted
@@ -75,4 +95,25 @@ void add_to_blacklist(const char *ip) {
         blacklist[blacklist_count++] = strdup(ip);
     }
     printf("[Watcher] IP %s added to blacklist.\n", ip);
+
+    // Add IP to the firewall blacklist using ufw
+    char command[256];
+    snprintf(command, sizeof(command), "sudo ufw deny from %s", ip);
+    system(command);
+
+    // Add IP to fail2ban blacklist
+    snprintf(command, sizeof(command), "sudo fail2ban-client set sshd banip %s", ip);
+    system(command);
+
+    // Save the blacklist to disk for persistence
+    save_blacklist();
+}
+
+// Save Blacklist to Disk (for persistence)
+void save_blacklist() {
+    FILE *file = fopen("/var/log/blacklist.txt", "w");
+    for (int i = 0; i < blacklist_count; i++) {
+        fprintf(file, "%s\n", blacklist[i]);
+    }
+    fclose(file);
 }