
added ipv6 adress

Daniel Tartavel 2020-05-08 02:16:35 +02:00
parent ce35181bc6
commit 7f552b7e8a

75
main.c

@ -9,6 +9,7 @@
#define HOSTNAME "lalis" #define HOSTNAME "lalis"
//test if pid is in lsit of known sshd processus
int isinarray( int pid, int array[], int n ) int isinarray( int pid, int array[], int n )
{ {
//if (n == 0) return 0; //if (n == 0) return 0;
@ -22,23 +23,60 @@ int isinarray( int pid, int array[], int n )
} return 0; } return 0;
} }
void getutmp( int pid, char user[], char host_ip[], time_t * time ) //get utmp datas
void getutmp( int pid, char user[], char host_ip[], char host_ipv6[], time_t * time )
{ {
struct utmp * utmp; struct utmp * utmp;
short int ipv6_1;
short int ipv6_2;
short int ipv4;
int x;
char str[6];
setutent(); setutent();
while ( (utmp = getutent()) != NULL ) while ( (utmp = getutent()) != NULL )
{ {
if ( utmp->ut_pid == pid ) if ( utmp->ut_pid == pid )
{ {
sprintf(user, "%s", utmp->ut_user); sprintf(user, "%s", utmp->ut_user); //got user login
sprintf(host_ip, "%s", utmp->ut_host); sprintf(host_ip, "%s", utmp->ut_host); //got ip of origin
*time = (time_t) utmp->ut_tv.tv_sec; if((utmp->ut_addr_v6[1] && utmp->ut_addr_v6[2] && utmp->ut_addr_v6[3]) == 0)
{
ipv4 = utmp->ut_addr_v6[0] & 0x000000ff;
sprintf( str, "%x.", ipv4);
strcat(host_ip, str);
ipv4 = utmp->ut_addr_v6[0] & 0x0000ff00;
sprintf( str, "%x.", ipv4);
strcat(host_ip, str);
ipv4 = utmp->ut_addr_v6[0] & 0x00ff0000;
sprintf( str, "%x.", ipv4);
strcat(host_ip, str);
ipv4 = utmp->ut_addr_v6[0] & 0xff000000;
sprintf( str, "%x", ipv4);
strcat(host_ip, str);
}else
{
for (x=0;x<4;x++)
{
ipv6_1 = utmp->ut_addr_v6[x] & 0xffff0000;
sprintf( str, "%x:", ipv6_1);
strcat(host_ipv6, str);
ipv6_2 = utmp->ut_addr_v6[x] & 0x0000ffff;
sprintf( str, "%x:", ipv6_1);
strcat(host_ipv6, str);
}
host_ipv6[strlen(host_ipv6)-1] = '\0';
}
*time = (time_t) utmp->ut_tv.tv_sec; //got connexion time
break; break;
} }
} }
endutent(); endutent();
} }
//replace null characters by space
int null2space( char str[] ) int null2space( char str[] )
{ {
int flag =0; int flag =0;
@ -61,6 +99,7 @@ int null2space( char str[] )
return x-1 ; return x-1 ;
} }
// get the childs pids
int getpids(int pid, int exploded[]) int getpids(int pid, int exploded[])
{ {
FILE *fh; FILE *fh;
@ -94,28 +133,29 @@ int getpids(int pid, int exploded[])
} }
} }
int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip[], char date[] ) int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip[], char host_ipv6[], char date[] )
{ {
FILE *fh1; FILE *fh1;
char child_path[128]; char child_path[128];
char str[1024]; char str[1024];
// char * pch;
int child_pid[10]; int child_pid[10];
int flag = 0; int flag = 0;
int r; int r;
// int x = 0;
int pid = ppid; int pid = ppid;
int level = 0; int level = 0;
int retval = 0; int retval = 0;
time_t timet=0; time_t timet=0;
getutmp( pid, user, host_ip, &timet ); //get connexion time
getutmp( pid, user, host_ip, host_ipv6, &timet );
if ( timet == 0) if ( timet == 0)
{ {
time( &timet ); time( &timet );
} }
sprintf( date, "%s", ctime(&timet) ); sprintf( date, "%s", ctime(&timet) );
date[strlen(date)-1] = 0; date[strlen(date)-1] = 0;
//get the pid of the last processus
while ( flag == 0) while ( flag == 0)
{ {
r = getpids( pid, child_pid ); r = getpids( pid, child_pid );
@ -132,6 +172,8 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip
flag = 1; flag = 1;
} }
} }
// get the command parameters
sprintf( child_path, "/proc/%d/cmdline", pid ); sprintf( child_path, "/proc/%d/cmdline", pid );
if ( (fh1= fopen( child_path, "r" )) == NULL) if ( (fh1= fopen( child_path, "r" )) == NULL)
{ {
@ -143,6 +185,7 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip
null2space( str ); null2space( str );
sprintf(cmdline, "%s", str); sprintf(cmdline, "%s", str);
fclose(fh1); fclose(fh1);
// get the command name
sprintf( child_path, "/proc/%d/comm", pid ); sprintf( child_path, "/proc/%d/comm", pid );
if ( (fh1= fopen(child_path, "r" )) == NULL) if ( (fh1= fopen(child_path, "r" )) == NULL)
{ {
@ -151,19 +194,6 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip
} }
fscanf( fh1, "%s", cmd ); fscanf( fh1, "%s", cmd );
fclose(fh1); fclose(fh1);
/*sprintf( child_path, "/proc/%d/environ", pid );
if ( (fh1= fopen(child_path, "r" )) == NULL)
{
perror(child_path);
return 5;
}
fgets( str, 1024, fh1);
fclose(fh1);
null2space( str );
if ( (pos = strstr( str, "USER=")) != NULL)
{
sscanf( pos+5, "%s", user);
}*/
return retval; return retval;
} }
@ -193,6 +223,7 @@ int main()
char cmdline[1000]; char cmdline[1000];
char user[24]=""; char user[24]="";
char host_ip[42]; char host_ip[42];
char host_ipv6[42];
char str[1024]; char str[1024];
char date[60]; char date[60];
time_t now ; time_t now ;
@ -243,7 +274,7 @@ int main()
if( r == 0 ) if( r == 0 )
{ {
user[0]='\0'; user[0]='\0';
rinfo = getprocinfo( pid, cmdline, cmd, user, host_ip, date ); rinfo = getprocinfo( pid, cmdline, cmd, user, host_ip, host_ipv6, date );
if( rinfo == 0 ) if( rinfo == 0 )
{ {
x++; x++;
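Review bot: The new address formatting in getutmp() can write past `str[6]` and past the caller's buffers. `ipv4 = utmp->ut_addr_v6[0] & 0x0000ff00` is stored unshifted in a `short int`, so a value of 0x8000 or more goes negative and `sprintf(str, "%x.", ipv4)` emits ten bytes; each `strcat` then appends to `host_ip` (42 bytes in main()) after the unbounded copy of `ut_host`, or to `host_ipv6`, which main() declares without an initialiser. The test `(a && b && c) == 0` is also true when any one word is zero rather than all three, the IPv6 loop prints `ipv6_1` twice and never `ipv6_2`, and the octets come out in hex. `ut_addr_v6` is normally stored in network byte order, so `inet_ntop()` with an explicit buffer size can replace the hand-rolled masking; it needs `<arpa/inet.h>`, and the include block is not visible in these hunks. The sketch below writes the numeric IPv4 form into `host_ip` instead of appending it to the host name, which is a guess at the intent.

```c
            /* … unchanged: user copy … */
            /* HOST_BUF_LEN is a constructed name for the 42-byte size main() gives both buffers */
            snprintf(host_ip, HOST_BUF_LEN, "%.*s", (int) sizeof utmp->ut_host, utmp->ut_host); /* ut_host may lack a NUL */
            host_ipv6[0] = '\0';
            if (utmp->ut_addr_v6[1] == 0 && utmp->ut_addr_v6[2] == 0 && utmp->ut_addr_v6[3] == 0)
            {
                /* IPv4 uses only the first word; leave the host name in place for local logins */
                if (utmp->ut_addr_v6[0] != 0 &&
                    inet_ntop(AF_INET, utmp->ut_addr_v6, host_ip, HOST_BUF_LEN) == NULL)
                    host_ip[0] = '\0';
            }
            else if (inet_ntop(AF_INET6, utmp->ut_addr_v6, host_ipv6, HOST_BUF_LEN) == NULL)
            {
                host_ipv6[0] = '\0';
            }
            /* … unchanged: *time assignment and break … */
```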