
get connexion time from utmp

Daniel Tartavel 2020-05-07 19:05:41 +02:00
parent 0bba327c0b
commit f8b102ef0c

32
main.c

@ -22,7 +22,7 @@ int isinarray( int pid, int array[], int n )
} return 0; } return 0;
} }
void getutmp( int pid, char user[], char host_ip[] ) void getutmp( int pid, char user[], char host_ip[], time_t * time )
{ {
struct utmp * utmp; struct utmp * utmp;
setutent(); setutent();
@ -32,6 +32,7 @@ void getutmp( int pid, char user[], char host_ip[] )
{ {
sprintf(user, "%s", utmp->ut_user); sprintf(user, "%s", utmp->ut_user);
sprintf(host_ip, "%s", utmp->ut_host); sprintf(host_ip, "%s", utmp->ut_host);
*time = utmp->ut_tv.tv_sec;
break; break;
} }
} }
@ -93,7 +94,7 @@ int getpids(int pid, int exploded[])
} }
} }
int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip[] ) int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip[], char date[] )
{ {
FILE *fh1; FILE *fh1;
char child_path[128]; char child_path[128];
@ -106,9 +107,18 @@ int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip
int pid = ppid; int pid = ppid;
int level = 0; int level = 0;
int retval = 0; int retval = 0;
// char * pos; time_t *timet=0;
getutmp( pid, user, host_ip ); getutmp( pid, user, host_ip, timet );
if ( timet != 0)
{
sprintf(date, "%s", ctime(timet));
}else
{
time( timet );
sprintf( date, "%s", ctime( timet));
date[strlen(date)-1] = 0;
}
while ( flag == 0) while ( flag == 0)
{ {
r = getpids( pid, child_pid ); r = getpids( pid, child_pid );
@ -236,22 +246,20 @@ int main()
if( r == 0 ) if( r == 0 )
{ {
user[0]='\0'; user[0]='\0';
rinfo = getprocinfo( pid, cmdline, cmd, user, host_ip ); rinfo = getprocinfo( pid, cmdline, cmd, user, host_ip, date );
if( rinfo == 0 ) if( rinfo == 0 )
{ {
x++; x++;
childrens[x] = pid; childrens[x] = pid;
flag[x] = 1; flag[x] = 1;
// date of connexion
time( &now );
sprintf( date, "%s", ctime(&now));
date[strlen(date)-1] = 0;
if (user[0] == '\0') if (user[0] == '\0')
{ {
sprintf( str, "%s \"%s: tunnel ouvert le %s avec la commande: %s %s\"", commande, HOSTNAME, date, cmd, cmdline ); sprintf( str, "%s \"%s: tunnel ouvert le %s depuis %s avec la commande: %s %s\"", commande, HOSTNAME, date, host_ip, cmd, cmdline );
}else }else
{ {
sprintf( str, "%s \"%s: %s s'est connecté le %s avec la commande: %s %s\"", commande, HOSTNAME, user, date, cmd, cmdline ); sprintf( str, "%s \"%s: %s s'est connecté le %s depuis %s avec la commande: %s %s\"", commande, HOSTNAME, user, date, host_ip, cmd, cmdline );
} }
if ( start != 1 ) if ( start != 1 )
{ {
@ -263,7 +271,7 @@ int main()
perror(logfile); perror(logfile);
return 7; return 7;
} }
fprintf(fh1, "%s: Connexion de %s commnade: %s %s", date, user, cmd, cmdline); fprintf(fh1, "%s: Connexion de %s depuis %s commande: %s %s", date, user, host_ip, cmd, cmdline);
fclose(fh1); fclose(fh1);
}else if (id<0) }else if (id<0)
{ {
@ -281,7 +289,7 @@ int main()
perror(logfile); perror(logfile);
return 7; return 7;
} }
fprintf(fh1, "%s: %s Connecté - %s %s\n", date, user, cmd, cmdline); fprintf(fh1, "%s: %s Connecté depuis %s - %s %s\n", date, host_ip, user, cmd, cmdline);
fclose(fh1); fclose(fh1);
} }
} }
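Review bot: In getprocinfo, `time_t *timet=0;` is a null pointer passed by value to getutmp, so the added `*time = utmp->ut_tv.tv_sec;` writes through NULL whenever that branch is reached; otherwise `timet` is still null on return, `time( timet )` stores nothing and `ctime( timet )` dereferences NULL. Declare the storage locally and pass its address, as in the fence below, and trim the trailing newline from ctime() on both paths rather than only in the fallback. In the last hunk the arguments for `"%s: %s Connecté depuis %s - %s %s\n"` are `date, host_ip, user`, so user and host are swapped in that log line. `host_ip` is copied from `ut_host`, which the remote side can influence, and it now sits inside the double-quoted part of `str` after `commande`; if `str` is later handed to a shell (not visible in these hunks) it should be escaped or passed as a separate argv element. getprocinfo and main both continue outside the hunks shown.

```c
time_t timet = 0;                        // storage lives in getprocinfo
getutmp( pid, user, host_ip, &timet );   // getutmp writes through a valid pointer
if ( timet == 0 )
{
    time( &timet );                      // no utmp entry matched: fall back to now
}
sprintf( date, "%s", ctime( &timet ) );
date[strlen(date)-1] = 0;                // ctime() always ends with '\n'
// … unchanged: while ( flag == 0 ) loop …
```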