From ec665996aecb71c656ac4c6e826916eb29773a72 Mon Sep 17 00:00:00 2001 From: Daniel Tartavel Date: Wed, 6 May 2020 15:23:12 +0200 Subject: [PATCH] beta --- main.c | 198 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 115 insertions(+), 83 deletions(-) diff --git a/main.c b/main.c index 101e6ef..e614039 100644 --- a/main.c +++ b/main.c @@ -20,41 +20,74 @@ int isinarray( int pid, int array[], int n ) return 0; } -int getcmdline( int ppid, char cmdline[], char cmd[], char user[] ) +int getpids(int pid, int exploded[]) +{ + FILE *fh; + char * pch; + char path[1024]; + char str[4096]; + char separator[] = " "; + int x = 0; + + sprintf( path, "/proc/%d/task/%d/children", pid,pid); + //printf(" %s", proc_path); + if ((fh = fopen( path, "r")) == NULL) + { + perror(path); + return -1; + } + if ( fgets( str, 40, fh ) != NULL ) + { + pch = strtok( str, separator ); + while( pch != NULL ) + { + exploded[x++] = atoi( pch ); + pch = strtok( NULL , separator ); + } + fclose(fh); + return x; + }else + { + fclose(fh); + return -1; + } +} + +int getprocinfo( int ppid, char cmdline[], char cmd[], char user[] ) { FILE *fh1; char child_path[128]; char str[1024]; char * pch; - int child_pid; + int child_pid[10]; int flag = 0; int r; int x = 0; int pid = ppid; + int level = 0; + int retval = 0; while ( flag == 0) { - sprintf( child_path, "/proc/%d/task/%d/children", pid,pid); - if ( (fh1 = fopen( child_path, "r" )) == NULL) + r = getpids( pid, child_pid ); + if( level == 0 && r == 2 ) { - perror(child_path); - return 3; - } - r = fscanf( fh1, "%i", &child_pid ); - if ( r != -1 ) + flag = 1; + retval = 2; + }else if ( r != -1 ) { - pid = child_pid; + level++; + pid = child_pid[0]; }else { flag = 1; } - fclose(fh1); } sprintf( child_path, "/proc/%d/cmdline", pid ); if ( (fh1= fopen( child_path, "r" )) == NULL) { perror(child_path); - return 4; + return 2; } fgets( str, 1024, fh1); flag = 0; 
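Review bot: `getpids` writes `exploded[x++]` with no bound, while its two callers hand it `int child_pid[10]` and `int pids[n_ssh]` (n_ssh is 10), so a task with more than ten entries in `/proc/<pid>/task/<pid>/children` overruns the caller's stack array; the function also reads at most 39 bytes (`fgets( str, 40, fh )`) although `str` is 4096 bytes, which silently drops the rest of the list and can cut the last pid in the middle, yielding a wrong value. I would add a capacity parameter and read the whole buffer, as below, and update the two call sites to `getpids( pid, child_pid, 10 )` in getprocinfo and `getpids( pid, pids, n_ssh )` in main. If the kernel terminates the list with a newline, `" "` as the only strtok separator also yields a `"\n"` token that `atoi` turns into pid 0, hence `" \n"` in the rewrite. Separately, `getpids` returns 0 when the line holds only separators, and getprocinfo's `}else if ( r != -1 )` branch then reads the never-written `child_pid[0]`; `}else if ( r > 0 )` avoids that. getprocinfo's body continues past the end of the hunk.
```c
int getpids(int pid, int exploded[], int max)
{
    /* … unchanged: fh, pch, path, str, x … */
    char separator[] = " \n";   /* also split off a trailing newline, if any */
    /* … unchanged: sprintf of path, fopen/perror … */
    if ( fgets( str, sizeof str, fh ) != NULL )
    {
        pch = strtok( str, separator );
        while( pch != NULL && x < max )
        {
            exploded[x++] = atoi( pch );
            pch = strtok( NULL , separator );
        }
        fclose(fh);
        return x;
    }
    /* … unchanged: fclose and return -1 on an empty file … */
}
```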
@@ -78,7 +111,7 @@ int getcmdline( int ppid, char cmdline[], char cmd[], char user[] ) if ( (fh1= fopen(child_path, "r" )) == NULL) { perror(child_path); - return 5; + return 3; } fscanf( fh1, "%s", cmd ); fclose(fh1); @@ -93,23 +126,28 @@ int getcmdline( int ppid, char cmdline[], char cmd[], char user[] ) pch = strtok( NULL , "=" ); sprintf( user, "%s", pch); fclose(fh1); - return 0; + return retval; } int main() { FILE *fh; FILE *fh1; + int n_ssh=10; int id; int pid; int x=0; + int y=0; int r; int i; int j; - int start =1; - int childrens[10]; - int flag[10]; - char proc_path[128]; + int n; + int start=1; + int childrens[n_ssh]; + int pids[n_ssh]; + int flag[n_ssh]; + int rinfo; +// char path[1024]; char commande[] = "/usr/local/bin/send_sms"; char logfile[] = "/var/log/sshdetect.log"; char cmd[24]; @@ -127,7 +165,7 @@ int main() perror(logfile); return 1; } - fprintf(fh, "%s: Démarrage de sshdetect", date); + fprintf(fh, "%s: Démarrage de sshdetect\n", date); fclose(fh); sprintf( str, "%s \"%s - %s: Démarrage de sshdetect\"", commande, HOSTNAME, date ); id=fork(); 
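Review bot: `int n;` is added to main's declarations without an initializer and nothing in the patch assigns it, yet the last hunk's `for ( y=0; y<=n; y++)` uses it as the number of pids while the count actually returned by `getpids( pid, pids )` is discarded by the `!= -1` test; unless n is set in the unseen lines between these hunks, the loop bound is indeterminate. Even with n holding the count, `<=` visits `pids[n]`, one past the last element getpids filled. I would keep the result and use a strict bound: `n = getpids( pid, pids );` / `if ( n != -1 )` / `for ( y=0; y<n; y++)`. Making `n_ssh` an enum constant or `#define` instead of an `int` local would also turn `childrens`, `pids` and `flag` from variable-length arrays into fixed arrays whose size can be passed to getpids as its bound.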
@@ -157,87 +195,81 @@ int main() //printf("%i", pid); //get the list of children - sprintf( proc_path, "/proc/%d/task/%d/children", pid,pid); - //printf(" %s", proc_path); - if ((fh = fopen( proc_path, "r")) == NULL) + if ( getpids( pid, pids ) != -1) { - perror(proc_path); - return 1; - } - while(fscanf(fh, "%i", &pid) > 0) - { - r = isinarray(pid, childrens, x); - if( r == 0 ) + for ( y=0; y<=n; y++) { - getcmdline( pid, cmdline, cmd, user ); - if( strcmp( cmd, "sshd") != 0 ) + pid = pids[y]; + r = isinarray(pid, childrens, x); + if( r == 0 ) { - x++; - childrens[x] = pid; - flag[x] = 1; - - time( &now ); - sprintf( date, "%s", ctime(&now)); - date[strlen(date)-1] = 0; - sprintf( str, "%s \"%s: %s s'est connecté le %s avec la commande: %s %s\"", commande, HOSTNAME, user, date, cmd, cmdline ); - if ( start != 1 ) + rinfo = getprocinfo( pid, cmdline, cmd, user ); + if( rinfo == 0 ) { - id=fork(); - if(id>0) + x++; + childrens[x] = pid; + flag[x] = 1; + + time( &now ); + sprintf( date, "%s", ctime(&now)); + date[strlen(date)-1] = 0; + sprintf( str, "%s \"%s: %s s'est connecté le %s avec la commande: %s %s\"", commande, HOSTNAME, user, date, cmd, cmdline ); + if ( start != 1 ) + { + id=fork(); + if(id>0) + { + if ( (fh1 = fopen(logfile, "a")) == NULL) + { + perror(logfile); + return 7; + } + fprintf(fh1, "%s: Connexion de %s\n#%s# %s\n", date, user, cmd, cmdline); + fclose(fh1); + }else if (id<0) + { + printf("erreur de création du fork: %s", str); + }else + { + //printf("%s\n", str); + r = system( str ); + exit (r); + } + }else { if ( (fh1 = fopen(logfile, "a")) == NULL) { perror(logfile); return 7; } - fprintf(fh1, "%s: Connexion de %s\n#%s# %s\n", date, user, cmd, cmdline); + fprintf(fh1, "%s: %s Connecté - %s %s\n", date, user, cmd, cmdline); fclose(fh1); - }else if (id<0) - { - printf("erreur de création du fork: %s", str); - }else - { - //printf("%s\n", str); - r = system( str ); - exit (r); - } - }else - { - if ( (fh1 = fopen(logfile, "a")) == NULL) - { - 
perror(logfile); - return 7; - } - if (start == 1) - { - fprintf(fh1, "%s: %s Connecté - %s %s", date, user, cmd, cmdline); } } - } - }else - { - flag[r] = 1; - } - } - for(i=1;i<=x;i++) - { - if (flag[i] == 0 ) - { - printf("Session %d terminée\n", childrens[i]); - for( j=i; j