This commit is contained in:
Daniel Tartavel 2020-05-06 15:23:12 +02:00
parent 8516ab5089
commit ec665996ae

98
main.c

@ -20,41 +20,74 @@ int isinarray( int pid, int array[], int n )
return 0; return 0;
} }
int getcmdline( int ppid, char cmdline[], char cmd[], char user[] ) int getpids(int pid, int exploded[])
{
FILE *fh;
char * pch;
char path[1024];
char str[4096];
char separator[] = " ";
int x = 0;
sprintf( path, "/proc/%d/task/%d/children", pid,pid);
//printf(" %s", proc_path);
if ((fh = fopen( path, "r")) == NULL)
{
perror(path);
return -1;
}
if ( fgets( str, 40, fh ) != NULL )
{
pch = strtok( str, separator );
while( pch != NULL )
{
exploded[x++] = atoi( pch );
pch = strtok( NULL , separator );
}
fclose(fh);
return x;
}else
{
fclose(fh);
return -1;
}
}
int getprocinfo( int ppid, char cmdline[], char cmd[], char user[] )
{ {
FILE *fh1; FILE *fh1;
char child_path[128]; char child_path[128];
char str[1024]; char str[1024];
char * pch; char * pch;
int child_pid; int child_pid[10];
int flag = 0; int flag = 0;
int r; int r;
int x = 0; int x = 0;
int pid = ppid; int pid = ppid;
int level = 0;
int retval = 0;
while ( flag == 0) while ( flag == 0)
{ {
sprintf( child_path, "/proc/%d/task/%d/children", pid,pid); r = getpids( pid, child_pid );
if ( (fh1 = fopen( child_path, "r" )) == NULL) if( level == 0 && r == 2 )
{ {
perror(child_path); flag = 1;
return 3; retval = 2;
} }else if ( r != -1 )
r = fscanf( fh1, "%i", &child_pid );
if ( r != -1 )
{ {
pid = child_pid; level++;
pid = child_pid[0];
}else }else
{ {
flag = 1; flag = 1;
} }
fclose(fh1);
} }
sprintf( child_path, "/proc/%d/cmdline", pid ); sprintf( child_path, "/proc/%d/cmdline", pid );
if ( (fh1= fopen( child_path, "r" )) == NULL) if ( (fh1= fopen( child_path, "r" )) == NULL)
{ {
perror(child_path); perror(child_path);
return 4; return 2;
} }
fgets( str, 1024, fh1); fgets( str, 1024, fh1);
flag = 0; flag = 0;
@ -78,7 +111,7 @@ int getcmdline( int ppid, char cmdline[], char cmd[], char user[] )
if ( (fh1= fopen(child_path, "r" )) == NULL) if ( (fh1= fopen(child_path, "r" )) == NULL)
{ {
perror(child_path); perror(child_path);
return 5; return 3;
} }
fscanf( fh1, "%s", cmd ); fscanf( fh1, "%s", cmd );
fclose(fh1); fclose(fh1);
@ -93,23 +126,28 @@ int getcmdline( int ppid, char cmdline[], char cmd[], char user[] )
pch = strtok( NULL , "=" ); pch = strtok( NULL , "=" );
sprintf( user, "%s", pch); sprintf( user, "%s", pch);
fclose(fh1); fclose(fh1);
return 0; return retval;
} }
int main() int main()
{ {
FILE *fh; FILE *fh;
FILE *fh1; FILE *fh1;
int n_ssh=10;
int id; int id;
int pid; int pid;
int x=0; int x=0;
int y=0;
int r; int r;
int i; int i;
int j; int j;
int start =1; int n;
int childrens[10]; int start=1;
int flag[10]; int childrens[n_ssh];
char proc_path[128]; int pids[n_ssh];
int flag[n_ssh];
int rinfo;
// char path[1024];
char commande[] = "/usr/local/bin/send_sms"; char commande[] = "/usr/local/bin/send_sms";
char logfile[] = "/var/log/sshdetect.log"; char logfile[] = "/var/log/sshdetect.log";
char cmd[24]; char cmd[24];
@ -127,7 +165,7 @@ int main()
perror(logfile); perror(logfile);
return 1; return 1;
} }
fprintf(fh, "%s: Démarrage de sshdetect", date); fprintf(fh, "%s: Démarrage de sshdetect\n", date);
fclose(fh); fclose(fh);
sprintf( str, "%s \"%s - %s: Démarrage de sshdetect\"", commande, HOSTNAME, date ); sprintf( str, "%s \"%s - %s: Démarrage de sshdetect\"", commande, HOSTNAME, date );
id=fork(); id=fork();
@ -157,20 +195,16 @@ int main()
//printf("%i", pid); //printf("%i", pid);
//get the list of children //get the list of children
sprintf( proc_path, "/proc/%d/task/%d/children", pid,pid); if ( getpids( pid, pids ) != -1)
//printf(" %s", proc_path);
if ((fh = fopen( proc_path, "r")) == NULL)
{ {
perror(proc_path); for ( y=0; y<=n; y++)
return 1;
}
while(fscanf(fh, "%i", &pid) > 0)
{ {
pid = pids[y];
r = isinarray(pid, childrens, x); r = isinarray(pid, childrens, x);
if( r == 0 ) if( r == 0 )
{ {
getcmdline( pid, cmdline, cmd, user ); rinfo = getprocinfo( pid, cmdline, cmd, user );
if( strcmp( cmd, "sshd") != 0 ) if( rinfo == 0 )
{ {
x++; x++;
childrens[x] = pid; childrens[x] = pid;
@ -208,10 +242,8 @@ int main()
perror(logfile); perror(logfile);
return 7; return 7;
} }
if (start == 1) fprintf(fh1, "%s: %s Connecté - %s %s\n", date, user, cmd, cmdline);
{ fclose(fh1);
fprintf(fh1, "%s: %s Connecté - %s %s", date, user, cmd, cmdline);
}
} }
} }
}else }else
@ -236,8 +268,8 @@ int main()
flag[i] = 0; flag[i] = 0;
} }
} }
fclose(fh);
sleep(2); sleep(2);
}
start = 0; start = 0;
} }
return 0; return 0;
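Review bot: The new loop `for ( y=0; y<=n; y++)` in main walks `pids` up to `n`, but in the visible hunks `n` is only declared (`int n;`) and never assigned, and the element count that `getpids` returns is thrown away by the `!= -1` comparison just above; unless `n` is set somewhere in main outside these hunks, the bound is indeterminate, and even then `<=` reads one entry past the count. Keep the return value and use it as the bound: `n = getpids( pid, pids );` then `if ( n != -1 ) { for ( y=0; y<n; y++)`. Separately, `exploded[x++] = atoi( pch );` in `getpids` has no upper bound while both callers hand it a 10-element array (`child_pid[10]`, `pids[n_ssh]`), so a process with more children than that overruns the caller's stack buffer; passing the array length as a parameter and stopping the `strtok` loop when `x` reaches it would close that, and `fgets( str, 40, fh )` should read `sizeof str` rather than 40, since a truncated line can split a pid in two. main's body continues outside these hunks.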