lsof 4.91 compiled for PuppyLinux

[musher0]

(Edit, Febr. 23, 2019)
Version 4.91 of lsof is towards the bottom of this page.
(End of edit)
~~~~~~~~~~~~~~~~
Hello.

Here is a pet archive of lsof 4.89C, published last April.

lsof is defined as a "an active file lister". File being understood here in the
linux sense, i.e.: everything is a file in linux...

So lsof will list open internet connections as well as active lib's in RAM. Its
listing is more complete than a listing made with ps. Anyway, for add'l
info, the lsof web site is here.

Enjoy!

musher0

[musher0]

Hello, all.

Here is an example of lsof listing active lib's with command line

Code: Select all

lsof | grep so | more

The names of the fields are as follows:
COMMAND --- PID --- TID --- USER --- FD --- TYPE --- DEVICE --- SIZE/OFF --- NODE --- NAME
The name of the related executable appears in the first column to the left.

BFN.

musher0

[musher0]

Almost forgot to mention...

I compiled my lsof pet above in PuppyPrecise 5.4.3. So it's a 32-bit exec,
plus it'll work on Puppies with glibc 2.15 or higher.

Also, before you ask: no particular configuration at compile time. Just
the required "./Configure" (lsof for linux is derived from unix, so the
compilation procedure is a little different), and "make".

I stripped the resulting executable with > strip --strip-unneeded lsof <.

Then I built the pet archive, copying the file hierarchy from a lsof-4.87
pet that I had produced earlier.

BFN.

musher0

[goingnuts]

Needed lsof for P412 so build static linked version of lsof-4.89.
Build with uclibc (./Configure linux) - and should work in most Puppy versions including 64-bit.

[musher0]

Thanks, goingnuts.

lsof is a great tool. The more versions we have, the better.

What did you need it for, if I may?

BFN.

musher0

[goingnuts]

Originally tried to create an application firewall and lsof was mentioned somewhere as a possible building block. Now using it to view which apps are connected to the internet and to where (lsof -i).
example alert-model script:

Code: Select all

#!/bin/sh
#alert - simple application internet access watchdog
#looks for apps not in /etc/allow, if found give warning
#2015 goingnuts
echo tor > /etc/allow	#for test - remove and create your own
while true; do
	ACTUAL=$(lsof -itcp | grep ESTABLISHED | grep -v localhost | cut -d " " -f1 | sort -u)
	for X in ${ACTUAL}; do
		if [ "$(grep ${X} /etc/allow)" = "" ]; then
			echo "${X} is accessing the internet - it is not allowed!"
		fi
	sleep 1
	done 
done

[musher0]

Can be quite useful. Thanks.

If the script finds an intruder, would you be considering a "fight-back" action?

[goingnuts]

The original goal was to stop applications not in allow list from connecting to the internet. lsof only helps to inform when the connection has been made. You could create a startup script in /etc/init.d that just kill everything discovered not in allow-list. But drawback is you then need another script to do the configure...
The script also seem too slow to discover fx. a single ping or a quick wget running.
Below is my current compromise running after X has started (put it in /root/Startup) - sort of information and action script.

Code: Select all

#!/bin/sh
#alert - simple application internet access watchdog
#looks for apps not in /etc/allow, if found give warning/choice
#2015 goingnuts
if [ ! $(which lsof) ]; then
	Xdialog --title "Message from alert" --msgbox "Missing lsof.
Program will not run without it.
Press OK to quit." 0 0
exit
fi
[ ! -f /etc/allow ] && echo -n > /etc/allow
while true; do
	ACTUAL=$(lsof -itcp | grep ESTABLISHED | grep -v localhost | cut -d " " -f1 | sort -u)
	for X in ${ACTUAL}; do
		if [ "$(grep ${X} /etc/allow)" = "" ]; then
  			Xdialog --stdout  --title "Message from alert" --no-cancel --yesno "${X} is accessing the internet - should it be allowed?" 0 0
   			if [ $? -eq 0 ]; then
  				echo ${X} >> /etc/allow
  			else
  				kill $(pgrep ${X})
  			fi
		fi
	sleep 1
	done 
done
exit

[musher0]

To any who are interested,

here are a couple of beginner-level articles on lsof:

http://www.thegeekstuff.com/2012/08/lso ... -examples/

https://danielmiessler.com/study/lsof/#gs.SMZI_=o

http://www.techrepublic.com/article/tra ... x/1049412/

IHTH.

[musher0]

Hello all.

Please find attached lsof-4.91, dated March 26, 2018, latest as of this writing.
For your convenience, the docs and executables are in separate archives.

Compiled from source for/on DPupBuster-7.9.0.2, which has an ldd version of 2.28.

Please note: may not work on older Pups. If so, please try one of the older versions
offered above. Thanks.

Best regards.