diff --git a/main.c b/main.c index 66f31f8..af18276 100644 --- a/main.c +++ b/main.c @@ -1,8 +1,240 @@ #include #include +#include +#include +#include -int main(int argc, char *argv[]) +#define HOSTNAME "lalis" + +int isinarray( int pid, int array[], int n ) { - puts("Hello, World!"); - return 0; + //if (n == 0) return 0; + int x; + for(x=1;x<=n;x++) + { + if( pid == array[x]) + { + return x; + } + } + return 0; +} + +int getcmdline( int ppid, char cmdline[], char cmd[], char user[] ) +{ + FILE *fh1; + char child_path[128]; + char str[1024]; + char * pch; + int child_pid; + int flag = 0; + int r; + int x = 0; + int pid = ppid; + + while ( flag == 0) + { + sprintf( child_path, "/proc/%d/task/%d/children", pid,pid); + if ( (fh1 = fopen( child_path, "r" )) == NULL) + { + perror(child_path); + return 3; + } + r = fscanf( fh1, "%i", &child_pid ); + if ( r != -1 ) + { + pid = child_pid; + }else + { + flag = 1; + } + fclose(fh1); + } + sprintf( child_path, "/proc/%d/cmdline", pid ); + if ( (fh1= fopen( child_path, "r" )) == NULL) + { + perror(child_path); + return 4; + } + fgets( str, 1024, fh1); + flag = 0; + while ( flag == 0 ) + { + if ( (int) str[x] == 0 ) + { + if ( (int) str[x+1] != 0 ) + { + str[x] = ' '; + }else + { + flag = 1; + } + } + x++; + } + sprintf(cmdline, "%s", str); + fclose(fh1); + sprintf( child_path, "/proc/%d/comm", pid ); + if ( (fh1= fopen(child_path, "r" )) == NULL) + { + perror(child_path); + return 5; + } + fscanf( fh1, "%s", cmd ); + fclose(fh1); + sprintf( child_path, "/proc/%d/environ", pid ); + if ( (fh1= fopen(child_path, "r" )) == NULL) + { + perror(child_path); + return 5; + } + fscanf( fh1, "%s", str); + pch = strtok( str, "=" ); + pch = strtok( NULL , "=" ); + sprintf( user, "%s", pch); + fclose(fh1); + return 0; +} + +int main() +{ + FILE *fh; + FILE *fh1; + int id; + int pid; + int x=0; + int r; + int i; + int j; + int start =1; + int childrens[10]; + int flag[10]; + char proc_path[128]; + char commande[] = "/usr/local/bin/send_sms"; + char logfile[] = "/var/log/sshdetect.log"; + char cmd[24]; + char cmdline[1000]; + char user[24]; + char str[1024]; + char date[60]; + time_t now ; + + time( &now ); + sprintf( date, "%s", ctime(&now)); + date[strlen(date)-1] = 0; + if ( (fh = fopen(logfile, "a")) == NULL) + { + perror(logfile); + return 1; + } + fprintf(fh, "%s: Démarrage de sshdetect", date); + fclose(fh); + sprintf( str, "%s \"%s - %s: Démarrage de sshdetect\"", commande, HOSTNAME, date ); + id=fork(); + if(id == 0) + { + r = system( str ); + exit(r); + }else if( id<0 ) + { + printf("erreur de création du fork: %s", str); + } + + while (1) + { + // get the sshd process ID (PID) + if ( (fh = fopen("/run/sshd.pid", "r" )) == NULL) + { + perror("/run/sshd.pid"); + return 1; + } + if ( fscanf(fh, "%i", &pid) == 0) + { + printf("erreur fscanf: /run/sshd.pid" ); + return 10; + } + fclose(fh); + //printf("%i", pid); + + //get the list of children + sprintf( proc_path, "/proc/%d/task/%d/children", pid,pid); + //printf(" %s", proc_path); + if ((fh = fopen( proc_path, "r")) == NULL) + { + perror(proc_path); + return 1; + } + while(fscanf(fh, "%i", &pid) > 0) + { + r = isinarray(pid, childrens, x); + if( r == 0 ) + { + getcmdline( pid, cmdline, cmd, user ); + if( strcmp( cmd, "sshd") != 0 ) + { + x++; + childrens[x] = pid; + flag[x] = 1; + + time( &now ); + sprintf( date, "%s", ctime(&now)); + date[strlen(date)-1] = 0; + sprintf( str, "%s \"%s: %s s'est connecté le %s avec la commande: %s %s\"", commande, HOSTNAME, user, date, cmd, cmdline ); + id=fork(); + if(id>0) + { + if ( (fh1 = fopen(logfile, "a")) == NULL) + { + perror(logfile); + return 7; + } + if (start == 1) + { + fprintf(fh1, "%s: %s Connecté - %s %s", date, user, cmd, cmdline); + }else + { + fprintf(fh1, "%s: Connexion de %s\n#%s# %s\n", date, user, cmd, cmdline); + } + fclose(fh1); + }else if (id<0) + { + printf("erreur de création du fork: %s", str); + }else + { + if (start != 1) + { + + //printf("%s\n", str); + r = system( str ); + } + exit (r); + } + } + }else + { + flag[r] = 1; + } + } + for(i=1;i<=x;i++) + { + if (flag[i] == 0 ) + { + printf("Session %d terminée\n", childrens[i]); + for( j=i; j