diff --git a/main.c b/main.c
index 83cdbfc..040dc54 100644
--- a/main.c
+++ b/main.c
@@ -96,7 +96,7 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[] )
 if( level == 0 && r == 2 )
 {
 flag = 1;
- retval = 2;
+ retval = -1;
 }else if ( r != -1 )
 {
 level++;
@@ -132,10 +132,12 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[] )
 return 5;
 }
 fgets( str, 1024, fh1);
- null2space( str );
- pos = strstr( str, "USER=") +5;
- sscanf( pos, "%s", user);
 fclose(fh1);
+ null2space( str );
+ if ( (pos = strstr( str, "USER=")) != NULL)
+ {
+ sscanf( pos, "%s", user);
+ }
 return retval;
 }
@@ -162,7 +164,7 @@ int main()
 char logfile[] = "/var/log/sshdetect.log";
 char cmd[24];
 char cmdline[1000];
- char user[24];
+ char user[24]="";
 char str[1024];
 char date[60];
 time_t now ;
@@ -213,6 +215,7 @@ int main()
 r = isinarray(pid, childrens, x);
 if( r == 0 )
 {
+ user[0]='\0';
 rinfo = getprocinfo( pid, cmdline, cmd, user );
 if( rinfo == 0 )
 {
@@ -223,7 +226,13 @@ int main()
 time( &now );
 sprintf( date, "%s", ctime(&now));
 date[strlen(date)-1] = 0;
- sprintf( str, "%s \"%s: %s s'est connecté le %s avec la commande: %s %s\"", commande, HOSTNAME, user, date, cmd, cmdline );
+ if (user[0] == '\0')
+ {
+ sprintf( str, "%s \"%s: tunnel ouvert le %s avec la commande: %s %s\"", commande, HOSTNAME, date, cmd, cmdline );
+ }else
+ {
+ sprintf( str, "%s \"%s: %s s'est connecté le %s avec la commande: %s %s\"", commande, HOSTNAME, user, date, cmd, cmdline );
+ }
 if ( start != 1 )
 {
 id=fork();
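Review bot: In the new `if` block of getprocinfo, `sscanf( pos, "%s", user)` reads from the start of the match, because the `+5` that skipped the `USER=` prefix was dropped along with the old assignment; `user` would now receive `USER=name` rather than `name`. The `%s` conversion is also unbounded while the caller in main() passes `char user[24]`, and the text appears to come from the inspected process's environment, so a long value overruns that buffer. Something like `sscanf( pos + 5, "%23s", user)` would address both; the 23 assumes every caller passes a 24-byte buffer, since the signature carries no length. The return value of `fgets` just above is not checked either, so `str` may hold stale or indeterminate bytes when the read fails. The function begins outside this hunk.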
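Review bot: Both new `sprintf( str, ...)` calls in main() can write past `str[1024]`, since `cmdline` alone is declared with 1000 bytes and `commande`, `HOSTNAME`, `date`, `cmd` and the fixed text are added on top of it. Use `snprintf( str, sizeof str, ...)` in both branches and treat a return value `>= sizeof str` as truncation. If `str` is later handed to a shell (its use after `fork()` is outside this hunk), note that `user`, `cmd` and `cmdline` are taken from another process and the surrounding double quotes do not prevent shell expansion; passing the message as its own argv element to an `exec*` call would avoid that. main() starts and ends outside the hunk.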