dissect.target.plugins.os.unix.log.utmp

Module Contents

Classes

UtmpFile

utmp maintains a full accounting of the current status of the system

Attributes

c_utmp
utmp

dissect.target.plugins.os.unix.log.utmp.c_utmp = Multiline-String

Show Value

"""
#define UT_LINESIZE     32
#define UT_NAMESIZE     32
#define UT_HOSTSIZE     256

typedef uint32 pid_t;

enum Type : char {
    EMPTY           = 0x0,
    RUN_LVL         = 0x1,
    BOOT_TIME       = 0x2,
    NEW_TIME        = 0x3,
    OLD_TIME        = 0x4,
    INIT_PROCESS    = 0x5,
    LOGIN_PROCESS   = 0x6,
    USER_PROCESS    = 0x7,
    DEAD_PROCESS    = 0x8,
    ACCOUNTING      = 0x9,
};

struct exit_status {
    uint16 e_termination;
    uint16 e_exit;
};

struct {
    uint32 tv_sec;
    uint32 tv_usec;
} timeval;

struct entry {
    uint32  ut_type;
    pid_t   ut_pid;
    char    ut_line[UT_LINESIZE];
    char    ut_id[4];
    char    ut_user[UT_NAMESIZE];
    char    ut_host[UT_HOSTSIZE];
    struct  exit_status ut_exit;
    long    ut_session;
    struct  timeval ut_tv;
    int32_t ut_addr_v6[4];
    char    __unused[20];
};
"""

dissect.target.plugins.os.unix.log.utmp.utmp

class dissect.target.plugins.os.unix.log.utmp.UtmpFile(fh, compressed=False)

utmp maintains a full accounting of the current status of the system

__iter__()