#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#include <arpa/inet.h>
#include <libgen.h>
#include <sys/inotify.h>
#include <sys/select.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <utmp.h>
/* Host name used when neither the config file nor $HOSTNAME supplies one. */
#define HOSTNAME "localhost"
/* Size of the fixed part of an inotify event; the variable-length name follows it. */
#define EVENT_SIZE (sizeof(struct inotify_event))
/* Log levels for printlog(): a message is written when its level is <= the global loglevel. */
#define NONE 0
#define WARNING 1
#define INFO 2
#define DEBUG 3
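/*
 * One SSH session as seen by this daemon: the leaf process of the sshd
 * child chain plus what utmp recorded about the login.  Filled in by
 * getprocinfo() and getutmp().  `cmd`, `cmdline`, `user` and `hostname`
 * are chosen by the remote client, so treat them as untrusted text when
 * building commands or log lines.
 *
 * The utmp fields ut_user and ut_host are UT_NAMESIZE/UT_HOSTSIZE bytes and
 * not necessarily NUL-terminated, so the copies here are one byte larger
 * than the source field; the address buffers fit inet_ntop() output.
 */
struct connexion
{
    int pid;                          /* pid of the session's leaf process */
    char cmd[24];                     /* /proc/<pid>/comm */
    char cmdline[1000];               /* /proc/<pid>/cmdline with NULs replaced by spaces */
    char user[UT_NAMESIZE + 1];       /* login name from utmp */
    char hostname[UT_HOSTSIZE + 1];   /* origin host as recorded in utmp */
    char host_ip[42];                 /* dotted-quad origin, "" when the login was IPv6 */
    char host_ipv6[INET6_ADDRSTRLEN]; /* textual IPv6 origin, "" when the login was IPv4 */
    char date[60];                    /* frtime() of the login */
};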
/*
 * Settings produced by readconfig(): the notification command, the log file
 * written by printlog(), the name reported for this host and the path of the
 * config file that was actually loaded (the one init_config_watch() watches).
 */
struct config
{
    char commande[1024];   /* path of the command run on each new session, "" for none */
    char logfile[4096];    /* log file path; "/dev/null" when nothing writable was found */
    char hostname[128];    /* local host name used in messages */
    char configfile[4096]; /* config file path found by readconfig() */
};
/* inotify state for the config-file watch set up by init_config_watch(). */
struct notify_config
{
    int fd; /* inotify instance descriptor (inotify_init) */
    int wd; /* watch descriptor on the config file (inotify_add_watch) */
};
/* Process-wide configuration, filled by readconfig(); every field starts empty. */
struct config cfg = {0};
/* Verbosity threshold for printlog(): messages with level <= loglevel are written. */
int loglevel = DEBUG;
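/*
 * Format `timet` with the locale's "%c" representation.
 *
 * Returns a pointer to a static buffer that is overwritten on every call,
 * so copy the result before calling frtime() again; not thread-safe.
 * Returns "" when the time cannot be converted or formatted instead of
 * handing strftime() a NULL struct tm.
 */
char *frtime(const time_t timet)
{
    static char result[40];

    result[0] = '\0';
    /* localtime() returns NULL for values the local zone cannot represent. */
    struct tm *date_tm = localtime(&timet);
    if (date_tm == NULL) {
        return result;
    }
    /* strftime() returns 0 when the buffer is too small and then leaves its
     * content unspecified, so reset it explicitly in that case. */
    if (strftime(result, sizeof result, "%c", date_tm) == 0) {
        result[0] = '\0';
    }
    return result;
}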
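/*
 * Write one log line, "<local time>: <str>[ <strerror(errnum)>]\n", to
 * cfg.logfile and to stdout, if `level` is <= the global loglevel.
 *
 * @param str     message text; always passed as data, never as a format
 * @param level   one of NONE/WARNING/INFO/DEBUG
 * @param errnum  errno value whose text is appended, or 0 for none
 * @return EXIT_SUCCESS, or EXIT_FAILURE when cfg.logfile could not be
 *         opened or closed (the line is still echoed to stdout)
 */
int printlog(char str[], int level, int errnum)
{
    int retval = EXIT_SUCCESS;

    if (level > loglevel) {
        return retval;
    }

    /* Stamp with the current time (the previous code stamped every line
     * with epoch 0); frtime() returns a static buffer, so copy it first. */
    time_t now = time(NULL);
    char stamp[40];
    snprintf(stamp, sizeof stamp, "%s", frtime(now));

    /* `str` can be a full /proc cmdline; size the line for it and let
     * snprintf() truncate rather than overrun the stack. */
    char line[1300];
    if (errnum != 0) {
        snprintf(line, sizeof line, "%s: %s %s\n", stamp, str, strerror(errnum));
    } else {
        snprintf(line, sizeof line, "%s: %s\n", stamp, str);
    }

    FILE *fh = fopen(cfg.logfile, "a");
    if (fh == NULL) {
        perror(cfg.logfile);
        retval = EXIT_FAILURE;
    } else {
        fputs(line, fh);
        /* fclose() flushes; a failed flush is the only way a full disk shows. */
        if (fclose(fh) != 0) {
            perror(cfg.logfile);
            retval = EXIT_FAILURE;
        }
    }
    fputs(line, stdout);
    return retval;
}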
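/*
 * Split `str` in place on any character of `separator` (strtok() semantics:
 * runs of separators count as one, leading separators are skipped) and copy
 * each token into a row of `exploded`.
 *
 * At most `m` tokens are stored, each truncated to n-1 characters; rows no
 * token reached are set to "" so callers can test exploded[k][0] safely.
 * Every token found is echoed at DEBUG level.  Uses strtok(), so it shares
 * that function's static state with the rest of the program.
 *
 * @return number of tokens stored (0..m)
 */
int explode(char *str, char *separator, size_t m, size_t n, char exploded[m][n])
{
    size_t count = 0;

    for (char *tok = strtok(str, separator); tok != NULL; tok = strtok(NULL, separator)) {
        printlog(tok, DEBUG, 0);
        if (count >= m) {
            /* More fields than the caller made room for: keep the first m
             * instead of writing past the array. */
            break;
        }
        if (n > 0) {
            snprintf(exploded[count], n, "%s", tok);
        }
        count++;
    }
    for (size_t k = count; k < m; k++) {
        if (n > 0) {
            exploded[k][0] = '\0';
        }
    }
    return (int)count;
}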
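/*
 * Locate and parse the configuration file, then apply defaults.
 *
 * /etc/sshdetect.conf is tried first, then $HOME/.config/sshdetect.conf;
 * the first that opens wins and its path is kept in cfg->configfile.  Each
 * line is "key=value" with keys commande, logfile and hostname; a line
 * without a value is ignored.  A commande is accepted only if the path
 * opens for reading, a logfile only if it opens for appending.  Missing
 * values fall back to /var/log/sshdetect.log, then
 * $HOME/.local/share/sshdetect.log, else /dev/null; to $HOSTNAME, else the
 * HOSTNAME macro; and to no command.
 *
 * The commande value is later executed by this process with session data
 * as its argument, so the config file (and the $HOME it is looked up in)
 * must only be writable by the account running sshdetect.
 *
 * `cfg` shadows the global of the same name on purpose: main() and
 * notify_config_change() pass &cfg.
 *
 * @return 0 on success; -1 when no config file could be opened; 2 is added
 *         when no usable logfile was found and 4 when no command is set
 */
int readconfig(struct config *cfg)
{
    char path[2][4096] = { "/etc/sshdetect.conf", "" };
    char logfilepath[4096] = "";
    char line[1024];
    char exploded[2][1024];
    char strlog[4200];
    const char *homepath = getenv("HOME");
    FILE *fh = NULL;
    FILE *probe = NULL;
    int retval = 0;

    /* Without $HOME both derived paths stay "" and simply fail to open. */
    if (homepath != NULL) {
        snprintf(path[1], sizeof path[1], "%s/.config/sshdetect.conf", homepath);
        snprintf(logfilepath, sizeof logfilepath, "%s/.local/share/sshdetect.log", homepath);
    }

    /* First candidate that opens is the config file. */
    for (int x = 0; x < 2; x++) {
        fh = fopen(path[x], "r");
        if (fh == NULL) {
            printlog(path[x], WARNING, errno);
            retval = -1;
            continue;
        }
        snprintf(cfg->configfile, sizeof cfg->configfile, "%s", path[x]);
        snprintf(strlog, sizeof strlog, "Found config file: %s\n", path[x]);
        printlog(strlog, WARNING, 0);
        retval = 0;
        break;
    }

    if (fh != NULL) {
        while (fgets(line, sizeof line, fh) != NULL) {
            /* explode() splits on '=' and drops the newline; fewer than two
             * tokens means there is no value to use. */
            if (explode(line, "=\n", 2, 1024, exploded) < 2) {
                continue;
            }
            char *key = exploded[0];
            char *value = exploded[1];
            if (strcmp(key, "commande") == 0) {
                probe = fopen(value, "r");
                if (probe != NULL) {
                    fclose(probe);
                    snprintf(cfg->commande, sizeof cfg->commande, "%s", value);
                    snprintf(strlog, sizeof strlog, "Found command: %s", cfg->commande);
                    printlog(strlog, INFO, 0);
                } else {
                    printlog(value, INFO, errno);
                }
            } else if (strcmp(key, "logfile") == 0) {
                probe = fopen(value, "a");
                if (probe != NULL) {
                    fclose(probe);
                    snprintf(cfg->logfile, sizeof cfg->logfile, "%s", value);
                    snprintf(strlog, sizeof strlog, "Found logfile: %s", cfg->logfile);
                    printlog(strlog, INFO, 0);
                }
            } else if (strcmp(key, "hostname") == 0) {
                snprintf(cfg->hostname, sizeof cfg->hostname, "%s", value);
                snprintf(strlog, sizeof strlog, "Found hostname: %s", cfg->hostname);
                printlog(strlog, INFO, 0);
            }
        }
        /* readconfig() runs again on every config change; without this the
         * descriptor was leaked each time. */
        fclose(fh);
    }

    if (cfg->logfile[0] == '\0') {
        if ((probe = fopen("/var/log/sshdetect.log", "a")) != NULL) {
            fclose(probe);
            snprintf(cfg->logfile, sizeof cfg->logfile, "%s", "/var/log/sshdetect.log");
        } else if ((probe = fopen(logfilepath, "a")) != NULL) {
            fclose(probe);
            snprintf(cfg->logfile, sizeof cfg->logfile, "%s", logfilepath);
        } else {
            printlog(logfilepath, WARNING, errno);
            snprintf(cfg->logfile, sizeof cfg->logfile, "%s", "/dev/null");
            retval += 2;
        }
        printf("logfile not found, defaulting to %s\n", cfg->logfile);
    }

    if (cfg->hostname[0] == '\0') {
        const char *envhost = getenv("HOSTNAME");
        snprintf(cfg->hostname, sizeof cfg->hostname, "%s", envhost != NULL ? envhost : HOSTNAME);
        printf("hostname not found, defaulting to %s\n", cfg->hostname);
    }

    if (cfg->commande[0] == '\0') {
        printf("command not found in config file: no command will be executed\n");
        retval += 4;
    }
    return retval;
}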
/*
 * Look up `pid` in `array`, whose live entries occupy indices 1..n
 * (index 0 is unused by the callers' bookkeeping).
 *
 * @return the 1-based position of the first match, or 0 when absent;
 *         a match is also reported at DEBUG level
 */
int isinarray(int pid, int array[], int n)
{
    char strlog[128];
    int idx = 1;

    while (idx <= n) {
        if (array[idx] != pid) {
            idx++;
            continue;
        }
        if (loglevel >= DEBUG) {
            sprintf(strlog, "pid %i is in array", pid);
            printlog(strlog, DEBUG, 0);
        }
        return idx;
    }
    return 0;
}
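/*
 * Create an inotify instance watching `config_file` and store the
 * descriptors in `ncc`.
 *
 * IN_DELETE_SELF and IN_MOVE_SELF are added to the mask because IN_DELETE
 * only reports entries of a watched directory, never the watched file
 * itself, and editors commonly replace a file by renaming over it.
 *
 * When the watch cannot be added the inotify instance is left open in
 * ncc->fd (with ncc->wd == -1) so select() on it stays valid and the
 * caller can re-arm later; the error is logged.
 *
 * @return 0 on success, -1 if inotify_init() failed, -2 if the watch
 *         could not be added
 */
int init_config_watch(char config_file[], struct notify_config *ncc)
{
    ncc->wd = -1;
    ncc->fd = inotify_init();
    if (ncc->fd < 0) {
        printlog("inotify_init", WARNING, errno);
        return -1;
    }
    ncc->wd = inotify_add_watch(ncc->fd, config_file,
                                IN_MODIFY | IN_DELETE | IN_DELETE_SELF | IN_MOVE_SELF);
    if (ncc->wd == -1) {
        printlog(config_file, WARNING, errno);
        return -2;
    }
    return 0;
}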
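/*
 * Wait up to one second for inotify events on the config file and react:
 * a modification reloads the global cfg with readconfig(); a deletion or
 * replacement closes the old instance, re-arms the watch on `config_file`
 * and, when that succeeds (the file exists again), reloads it too.
 * Several events in one batch trigger a single reload.
 *
 * The one-second select() timeout is also what paces main()'s loop.
 *
 * @return 0, or -1 when ncc->fd is not valid or read() on it failed;
 *         select() errors are only logged
 */
int notify_config_change(struct notify_config *ncc, char config_file[])
{
    /* Sized as the inotify(7) man page suggests; aligned so that the cast
     * to struct inotify_event below is valid. */
    _Alignas(struct inotify_event) char buff[1024 * (EVENT_SIZE + 16)];
    char strlog[4200];
    fd_set rfds;
    struct timeval tv = { 1, 0 };

    /* FD_SET() on a negative descriptor is undefined behaviour. */
    if (ncc->fd < 0) {
        return -1;
    }

    FD_ZERO(&rfds);
    FD_SET(ncc->fd, &rfds);
    int ready = select(ncc->fd + 1, &rfds, NULL, NULL, &tv);
    if (ready == -1) {
        printlog("select()", WARNING, errno);
        return 0;
    }
    if (ready == 0) {
        return 0;
    }

    ssize_t length = read(ncc->fd, buff, sizeof buff);
    if (length < 0) {
        printlog("reading", WARNING, errno);
        return -1;
    }

    int reload = 0;
    int rearm = 0;
    size_t i = 0;
    while (i + EVENT_SIZE <= (size_t)length) {
        struct inotify_event *event = (struct inotify_event *)&buff[i];
        /* event->name is empty for a watch on a file, so name the file from
         * the argument rather than reading past the event. */
        if (event->mask & (IN_DELETE | IN_DELETE_SELF | IN_MOVE_SELF)) {
            snprintf(strlog, sizeof strlog, "The file %s was deleted.", config_file);
            printlog(strlog, INFO, 0);
            rearm = 1;
        } else if (event->mask & IN_MODIFY) {
            snprintf(strlog, sizeof strlog, "The file %s was modified.", config_file);
            printlog(strlog, INFO, 0);
            reload = 1;
        }
        i += EVENT_SIZE + event->len;
    }

    if (rearm) {
        /* The old instance is dead once its file is gone; close it before
         * creating the replacement so descriptors are not leaked. */
        close(ncc->fd);
        if (init_config_watch(config_file, ncc) == 0) {
            reload = 1;
        }
    }
    if (reload) {
        readconfig(&cfg);
    }
    return 0;
}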
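/*
 * Fill the login fields of `conn` from the utmp entry whose ut_pid equals
 * conn->pid: user, origin host name, origin address as text (host_ip for
 * IPv4, host_ipv6 otherwise; the other is "") and, through `time`, the
 * login time.  `time` is left untouched when no entry matches.
 *
 * ut_user and ut_host are fixed-width fields that need not be
 * NUL-terminated, so they are copied with an explicit length limit.  Their
 * content is what sshd recorded about the remote client and is logged at
 * DEBUG level as data.
 *
 * ut_addr_v6 holds the address in network byte order; inet_ntop() renders
 * both families correctly on any endianness, unlike the former byte
 * masking which was little-endian only and produced byte-swapped IPv6
 * hextets.
 */
void getutmp(struct connexion *conn, time_t *time)
{
    struct utmp *entry;
    char strlog[128];

    conn->host_ip[0] = '\0';
    conn->host_ipv6[0] = '\0';

    setutent();
    while ((entry = getutent()) != NULL) {
        if (entry->ut_pid != conn->pid) {
            continue;
        }
        /* %.*s stops at the field width even without a terminator. */
        snprintf(conn->user, sizeof conn->user, "%.*s",
                 (int)sizeof entry->ut_user, entry->ut_user);
        printlog(conn->user, DEBUG, 0);
        snprintf(conn->hostname, sizeof conn->hostname, "%.*s",
                 (int)sizeof entry->ut_host, entry->ut_host);
        printlog(conn->hostname, DEBUG, 0);

        /* An IPv4 login uses only the first word of ut_addr_v6. */
        if (entry->ut_addr_v6[1] == 0 && entry->ut_addr_v6[2] == 0 && entry->ut_addr_v6[3] == 0) {
            if (inet_ntop(AF_INET, &entry->ut_addr_v6[0], conn->host_ip, sizeof conn->host_ip) == NULL) {
                printlog("inet_ntop(AF_INET)", WARNING, errno);
                conn->host_ip[0] = '\0';
            }
            printlog(conn->host_ip, DEBUG, 0);
        } else {
            if (inet_ntop(AF_INET6, entry->ut_addr_v6, conn->host_ipv6, sizeof conn->host_ipv6) == NULL) {
                printlog("inet_ntop(AF_INET6)", WARNING, errno);
                conn->host_ipv6[0] = '\0';
            }
            printlog(conn->host_ipv6, DEBUG, 0);
        }

        *time = (time_t)entry->ut_tv.tv_sec;
        snprintf(strlog, sizeof strlog, "heure de connexion - %s", frtime(*time));
        printlog(strlog, DEBUG, 0);
        break;
    }
    endutent();
}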
/*
 * Turn the NUL separators of a /proc cmdline-style buffer into spaces so
 * it reads as one string.
 *
 * `str` must end with two consecutive NULs (fgets() on /proc/<pid>/cmdline
 * gives that: the file's trailing NUL plus the terminator fgets adds); the
 * scan has no other bound.
 *
 * @return index of the first NUL of the terminating pair, i.e. the length
 *         of the resulting string
 */
int null2space(char str[])
{
    int i = 0;

    for (;;) {
        if (str[i] == '\0') {
            if (str[i + 1] == '\0') {
                break;
            }
            str[i] = ' ';
        }
        i++;
    }
    return i;
}
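/*
 * Read the direct children of `pid` from /proc/<pid>/task/<pid>/children
 * into `exploded`.
 *
 * `exploded` carries no size, so at most GETPIDS_MAX entries are stored
 * (both callers allocate int[10]); further children are reported at
 * WARNING level and dropped.  Tokens are logged at DEBUG level and
 * non-numeric ones are skipped.
 *
 * @return number of pids stored, or -1 when the file cannot be opened or
 *         is empty (a process without children has an empty file)
 */
int getpids(int pid, int exploded[])
{
    enum { GETPIDS_MAX = 10 }; /* size of the arrays the callers pass */
    char path[64];
    char str[4096];
    char strlog[128];
    int count = 0;

    snprintf(path, sizeof path, "/proc/%d/task/%d/children", pid, pid);
    snprintf(strlog, sizeof strlog, "process path: %s", path);
    printlog(strlog, DEBUG, 0);

    FILE *fh = fopen(path, "r");
    if (fh == NULL) {
        printlog(path, WARNING, errno);
        return -1;
    }
    /* The whole line is read now; the former 40-byte read silently lost
     * every child past the first few. */
    if (fgets(str, sizeof str, fh) == NULL) {
        fclose(fh);
        return -1;
    }
    fclose(fh);

    for (char *tok = strtok(str, " \n"); tok != NULL; tok = strtok(NULL, " \n")) {
        printlog(tok, DEBUG, 0);
        if (count >= GETPIDS_MAX) {
            printlog("more children than getpids() can store; rest ignored", WARNING, 0);
            break;
        }
        /* strtol rather than atoi so a non-numeric token is noticed. */
        char *end = NULL;
        long value = strtol(tok, &end, 10);
        if (end == tok || value < 1 || (long)(int)value != value) {
            printlog(tok, WARNING, 0);
            continue;
        }
        exploded[count++] = (int)value;
    }
    return count;
}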
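/*
 * Populate `conn` for the sshd child whose pid is conn->pid.
 *
 * First the utmp login data and time are fetched (date is formatted with
 * frtime(); "now" is used when utmp has no entry yet).  Then the chain of
 * first children is followed to its last descendant - the process actually
 * running the user's command - and conn->pid is replaced by that pid.  Its
 * /proc/<pid>/cmdline (NULs turned into spaces) and /proc/<pid>/comm are
 * stored in cmdline and cmd.
 *
 * cmdline is whatever the remote user asked sshd to run; callers must not
 * hand it to a shell unescaped.
 *
 * @return 0 when the session looks established; -1 when the leaf cmdline
 *         mentions pam, net or accepted (authentication still in progress);
 *         2 or 3 when /proc/<pid>/cmdline or /proc/<pid>/comm cannot be
 *         opened (the process is already gone)
 */
int getprocinfo(struct connexion *conn)
{
    char child_path[128];
    char str[1024];
    int child_pid[10];
    int retval = 0;
    time_t timet = 0;

    /* get connexion time */
    getutmp(conn, &timet);
    if (timet == 0) {
        time(&timet);
    }
    snprintf(conn->date, sizeof conn->date, "%s", frtime(timet));

    /* get the pid of the last processus: descend through first children
     * until a process with none is reached.  r == 0 means the children file
     * existed but listed nobody, so child_pid[0] is not valid either. */
    for (;;) {
        int r = getpids(conn->pid, child_pid);
        if (r <= 0) {
            break;
        }
        conn->pid = child_pid[0];
    }

    /* get the command parameters */
    snprintf(child_path, sizeof child_path, "/proc/%d/cmdline", conn->pid);
    FILE *fh = fopen(child_path, "r");
    if (fh == NULL) {
        printlog(child_path, WARNING, errno);
        return 2;
    }
    /* null2space() stops at a double NUL and has no other bound: start from
     * an empty buffer (an empty cmdline leaves fgets() with nothing), read
     * one byte less than the buffer and force a second NUL at its end. */
    str[0] = '\0';
    str[1] = '\0';
    if (fgets(str, (int)sizeof str - 1, fh) == NULL) {
        str[0] = '\0';
        str[1] = '\0';
    }
    str[sizeof str - 1] = '\0';
    fclose(fh);
    null2space(str);
    snprintf(conn->cmdline, sizeof conn->cmdline, "%s", str);
    printlog(conn->cmdline, DEBUG, 0);

    /* Heuristic for a session still authenticating. */
    if (strstr(conn->cmdline, "pam") != NULL || strstr(conn->cmdline, "net") != NULL
        || strstr(conn->cmdline, "accepted") != NULL) {
        printlog("comdline is pam or net or accepted", DEBUG, 0);
        retval = -1;
    }

    /* get the command name */
    snprintf(child_path, sizeof child_path, "/proc/%d/comm", conn->pid);
    fh = fopen(child_path, "r");
    if (fh == NULL) {
        printlog(child_path, WARNING, errno);
        return 3;
    }
    /* fgets() bounds the copy to cmd's size; comm ends with a newline. */
    if (fgets(conn->cmd, sizeof conn->cmd, fh) == NULL) {
        conn->cmd[0] = '\0';
    }
    conn->cmd[strcspn(conn->cmd, "\n")] = '\0';
    fclose(fh);

    return retval;
}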
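/*
 * Run cfg.commande with `message` as its single argument, in a child
 * process, without going through a shell.
 *
 * `message` embeds the remote user's login name, origin and command line,
 * i.e. text chosen by whoever connected; passing it as one argv element
 * instead of interpolating it into a system() string means quotes,
 * semicolons or backticks in it cannot change what gets executed.
 * readconfig() only accepts a commande that opens as a file, so it is a
 * bare path and needs no shell parsing.  The child is reaped by main()'s
 * waitpid() loop.
 */
static void run_command(const char *message)
{
    char strlog[1100];

    if (cfg.commande[0] == '\0') {
        printlog("no command defined: no command launched", WARNING, 0);
        return;
    }
    pid_t id = fork();
    if (id < 0) {
        snprintf(strlog, sizeof strlog, "erreur de création du fork: %s", cfg.commande);
        printlog(strlog, WARNING, errno);
        return;
    }
    if (id == 0) {
        execl(cfg.commande, cfg.commande, message, (char *)NULL);
        /* Only reached when exec failed; _exit() avoids flushing the
         * parent's stdio buffers a second time. */
        perror(cfg.commande);
        _exit(127);
    }
}

/*
 * Entry point: load the configuration, announce the start through the
 * configured command, then poll sshd's children once a second.  A child of
 * sshd not seen before is a new session: it is logged and, after the first
 * poll, the command is run with a one-line description of it.  A tracked
 * child that disappeared is logged as a terminated session.  Between polls
 * the config file is watched and reloaded on change.
 *
 * Session slots: childrens[], flag[] and connexions[] are parallel arrays
 * indexed 1..n_pid (isinarray() reports 1-based positions).  At most N_SSH
 * sessions are tracked; further ones are logged and ignored.
 *
 * @return 1 when /run/sshd.pid cannot be opened, 10 when it holds no pid;
 *         the polling loop itself never ends
 */
int main(void)
{
    enum { N_SSH = 10 };              /* max sessions tracked at once */
    int childrens[N_SSH + 1] = {0};   /* pid per slot, 1-based */
    int flag[N_SSH + 1] = {0};        /* 1 = slot seen in the current poll */
    struct connexion connexions[N_SSH + 1];
    struct connexion conn;
    struct notify_config ncc = { -1, -1 };
    int pids[64];                     /* direct children of sshd, from getpids() */
    int n_pid = 0;                    /* number of live slots */
    int start = 1;                    /* first poll: report sessions, run no command */
    int status;
    int pid;
    int n;
    int r;
    int rinfo;
    char ip[64];
    char str[4096];                   /* one-line description of a session */
    char date[60];
    char strlog[4200];
    char language[128];
    time_t now = 0;
    FILE *fh;

    memset(connexions, 0, sizeof connexions);

    /* Loading configuration; readconfig() logs a missing file and applies
     * its defaults, so its return value needs no handling here. */
    readconfig(&cfg);

    /* localizing: first entry of $LANGUAGE, else $LC_ALL, else "".  Copy
     * before strtok() so the environment string itself is not modified. */
    const char *env_lang = getenv("LANGUAGE");
    if (env_lang != NULL) {
        snprintf(language, sizeof language, "%s", env_lang);
        strtok(language, ":");
    } else if ((env_lang = getenv("LC_ALL")) != NULL) {
        snprintf(language, sizeof language, "%s", env_lang);
    } else {
        language[0] = '\0';
    }
    setlocale(LC_ALL, language);

    time(&now);
    snprintf(date, sizeof date, "%s", frtime(now));
    printlog("Démarrage de sshdetect", INFO, 0);
    snprintf(str, sizeof str, "%s - %s: Démarrage de sshdetect", cfg.hostname, date);
    run_command(str);

    /* A failed watch is logged by init_config_watch(); ncc.fd stays -1 only
     * when inotify itself is unavailable, and the loop then just sleeps. */
    init_config_watch(cfg.configfile, &ncc);

    while (1) {
        /* get the sshd process ID (PID) */
        if ((fh = fopen("/run/sshd.pid", "r")) == NULL) {
            printlog("/run/sshd.pid", WARNING, errno);
            return 1;
        }
        int scanned = fscanf(fh, "%i", &pid);
        fclose(fh);
        if (scanned != 1) {
            printlog("erreur fscanf: /run/sshd.pid", WARNING, 0);
            return 10;
        }
        snprintf(strlog, sizeof strlog, "%i", pid);
        printlog(strlog, DEBUG, 0);

        /* get the list of children */
        if ((n = getpids(pid, pids)) != -1) {
            for (int y = 0; y < n; y++) {
                pid = pids[y];
                snprintf(strlog, sizeof strlog, "pid %i", pid);
                printlog(strlog, DEBUG, 0);
                r = isinarray(pid, childrens, n_pid);
                if (r != 0) {
                    flag[r] = 1; /* known session, still alive */
                    continue;
                }

                memset(&conn, 0, sizeof conn);
                ip[0] = '\0';
                conn.pid = pid;
                rinfo = getprocinfo(&conn);
                if (rinfo == -1) {
                    snprintf(strlog, sizeof strlog, "%i => 2 pids : en cours de connexion\n", conn.pid);
                    printlog(strlog, INFO, 0);
                    continue;
                }
                if (rinfo != 0) {
                    continue;
                }
                if (n_pid >= N_SSH) {
                    snprintf(strlog, sizeof strlog, "pid %i: plus de %d sessions, non suivie", pid, N_SSH);
                    printlog(strlog, WARNING, 0);
                    continue;
                }

                if (conn.host_ip[0] != '\0') {
                    snprintf(ip, sizeof ip, "%s", conn.host_ip);
                } else if (conn.host_ipv6[0] != '\0') {
                    snprintf(ip, sizeof ip, "%s", conn.host_ipv6);
                }

                n_pid++;
                childrens[n_pid] = pid;
                flag[n_pid] = 1;
                connexions[n_pid] = conn;

                /* date of connexion; the text is passed to the command as
                 * data, never as shell syntax. */
                if (conn.user[0] == '\0') {
                    snprintf(str, sizeof str,
                             "%s: %s: tunnel ouvert depuis %s pid: %d avec la commande: %s %s",
                             conn.date, cfg.hostname, ip, conn.pid, conn.cmd, conn.cmdline);
                } else {
                    snprintf(str, sizeof str,
                             "%s: %s: %s s'est connecté depuis %s pid: %d avec la commande: %s %s",
                             conn.date, cfg.hostname, conn.user, ip, conn.pid, conn.cmd, conn.cmdline);
                }

                if (start != 1) {
                    printlog(str, INFO, 0);
                    run_command(str);
                } else {
                    snprintf(strlog, sizeof strlog, "%s: %s Connecté depuis %s - %s %s\n",
                             conn.date, conn.user, ip, conn.cmd, conn.cmdline);
                    printlog(strlog, INFO, 0);
                }
            }
        }

        /* Slots not seen in this poll have ended: log them and compact all
         * three parallel arrays so slot i keeps describing the same session
         * (connexions[] was previously left unshifted, misattributing later
         * terminations). */
        for (int i = 1; i <= n_pid; i++) {
            if (flag[i] != 0) {
                flag[i] = 0;
                continue;
            }
            time(&now);
            snprintf(date, sizeof date, "%s", frtime(now));
            snprintf(strlog, sizeof strlog, "%s: Session %d de %s terminée\n",
                     date, connexions[i].pid, connexions[i].user);
            printlog(strlog, INFO, 0);
            snprintf(strlog, sizeof strlog, "%s: %s - pid %d - Connexion de %s terminée",
                     connexions[i].date, cfg.hostname, connexions[i].pid, connexions[i].user);
            printlog(strlog, INFO, 0);
            for (int j = i; j < n_pid; j++) {
                childrens[j] = childrens[j + 1];
                flag[j] = flag[j + 1];
                connexions[j] = connexions[j + 1];
            }
            n_pid--;
            i--;
        }

        /* Reap every finished command child without blocking. */
        while (waitpid(-1, &status, WNOHANG) > 0) {
        }

        /* notify_config_change() blocks up to one second in select(), which
         * paces this loop; without a usable inotify descriptor, sleep. */
        if (ncc.fd >= 0) {
            notify_config_change(&ncc, cfg.configfile);
        } else {
            sleep(1);
        }
        start = 0;
    }
    return 0;
}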