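/* sshdetect: polls the children of sshd through /proc and reports new sessions
 * to a log file and to an external notification command.
 *
 * NOTE(review): the five #include lines lost their header names when this page
 * was extracted; the names below are reconstructed from the functions the file
 * uses (stdio: fopen/fscanf/fprintf, stdlib: system/exit, string: strcmp/strlen,
 * time: time/ctime, unistd: fork). Confirm against the original source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#define HOSTNAME "lalis"

/* Buffer sizes shared by getcmdline() and main(). getcmdline() receives no
 * lengths for its output buffers, so it bounds every write to the sizes that
 * main() declares (24 bytes for cmd/user, as in the original declarations). */
enum {
    PATH_BUF     = 128,      /* "/proc/<pid>/task/<pid>/children" and friends */
    LINE_BUF     = 1024,     /* scratch buffer for /proc cmdline and environ */
    CMDLINE_BUF  = LINE_BUF, /* the cmdline[] passed to getcmdline() needs this much */
    CMD_BUF      = 24,       /* comm is at most 16 bytes (incl. NUL) on Linux */
    USER_BUF     = 24,
    MAX_CHILDREN = 10        /* tracked sessions; index 0 is unused (1-based table) */
};

/* Return the 1-based index of pid in array[1..n], or 0 when it is absent.
 * The table is 1-based (slot 0 unused) because main() stores sessions as
 * array[++count]; n is the number of used slots. */
int isinarray(int pid, const int array[], int n)
{
    for (int x = 1; x <= n; x++) {
        if (array[x] == pid) {
            return x;
        }
    }
    return 0;
}

/* Walk down from ppid along the first child at each level until a process has
 * no children, then describe that process:
 *   cmdline  /proc/<pid>/cmdline with the NUL separators turned into spaces
 *            (caller buffer must hold CMDLINE_BUF bytes)
 *   cmd      /proc/<pid>/comm with the trailing newline removed
 *            (caller buffer must hold CMD_BUF bytes)
 *   user     value after '=' of the FIRST /proc/<pid>/environ entry
 *            (caller buffer must hold USER_BUF bytes)
 *            NOTE(review): this relies on the first environment variable naming
 *            the login user — confirm for the sshd configuration in use.
 * All three buffers are set to "" on entry, so they are safe to read (empty)
 * even when the function fails part-way.
 * Returns 0 on success; 3 if a children file cannot be opened, 4 for cmdline,
 * 5 for comm or environ (perror() is called with the path in each case; the
 * duplicate 5 is kept because it is the value callers have seen so far).
 * Everything read from cmdline and environ is chosen by the remote session and
 * must be treated as untrusted text (log it, never hand it to a shell). */
int getcmdline(int ppid, char cmdline[], char cmd[], char user[])
{
    char path[PATH_BUF];
    char buf[LINE_BUF];
    FILE *fp;
    int pid = ppid;
    size_t n;

    cmdline[0] = '\0';
    cmd[0] = '\0';
    user[0] = '\0';

    /* Descend to the deepest first child (typically sshd -> privsep -> shell). */
    for (;;) {
        int child;
        snprintf(path, sizeof path, "/proc/%d/task/%d/children", pid, pid);
        if ((fp = fopen(path, "r")) == NULL) {
            perror(path);
            return 3;
        }
        /* "%d" rather than "%i": PIDs are decimal. The old test (r != -1)
         * accepted a parse miss (0), which left pid unchanged and looped forever. */
        int got = fscanf(fp, "%d", &child);
        fclose(fp);
        if (got != 1) {
            break;
        }
        pid = child;
    }

    /* cmdline is NUL-separated argv: read by size so the byte count is known
     * (fgets() cannot report how much it stored when NULs are embedded, and the
     * old scan could run past the data into uninitialised memory). */
    snprintf(path, sizeof path, "/proc/%d/cmdline", pid);
    if ((fp = fopen(path, "r")) == NULL) {
        perror(path);
        return 4;
    }
    n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    /* Join the arguments with spaces; the last byte (normally NUL) stays the terminator. */
    for (size_t i = 0; i + 1 < n; i++) {
        if (buf[i] == '\0') {
            buf[i] = ' ';
        }
    }
    buf[n] = '\0';
    snprintf(cmdline, CMDLINE_BUF, "%s", buf);

    /* comm is a single line; fgets() keeps names that contain spaces, which
     * fscanf("%s") would have cut at the first blank. */
    snprintf(path, sizeof path, "/proc/%d/comm", pid);
    if ((fp = fopen(path, "r")) == NULL) {
        perror(path);
        return 5;
    }
    if (fgets(cmd, CMD_BUF, fp) != NULL) {
        cmd[strcspn(cmd, "\n")] = '\0';
    } else {
        cmd[0] = '\0';
    }
    fclose(fp);

    /* environ is NUL-separated KEY=VALUE entries; after NUL-terminating the read
     * buffer the first entry is a C string and strchr() cannot leave it. */
    snprintf(path, sizeof path, "/proc/%d/environ", pid);
    if ((fp = fopen(path, "r")) == NULL) {
        perror(path);
        return 5;
    }
    n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    buf[n] = '\0';
    const char *value = strchr(buf, '=');
    /* An entry without '=' used to hand NULL to sprintf(); leave user empty instead. */
    snprintf(user, USER_BUF, "%s", value ? value + 1 : "");
    return 0;
}

/* Entry point: logs the start-up, then polls /run/sshd.pid and the children of
 * sshd forever. The body continues past this extracted line; only the
 * declarations and the start-up message are visible here. */
int main(void)
{
    FILE *fh;
    FILE *fh1;
    int id;
    int pid;
    int x = 0;
    int r;
    int i;
    int j;
    int start = 1;
    /* 1-based tables, see isinarray(); the polling loop below must stop adding
     * sessions once x reaches MAX_CHILDREN — NOTE(review): no such guard is
     * visible in the loop. */
    int childrens[MAX_CHILDREN + 1];
    int flag[MAX_CHILDREN + 1];
    char proc_path[PATH_BUF];
    /* NOTE(review): this command is later joined by sprintf() with user, cmd and
     * cmdline read from /proc and passed to system(). Those fields are chosen by
     * the remote client, so the notification should be started with fork/execv
     * and an argv array instead of a shell string. */
    char commande[] = "/usr/local/bin/send_sms";
    char logfile[] = "/var/log/sshdetect.log";
    char cmd[CMD_BUF];
    char cmdline[CMDLINE_BUF];   /* was 1000, smaller than what getcmdline() may copy */
    char user[USER_BUF];
    /* Holds the notification command including a full cmdline; sized so that
     * prefix + cmdline fits. */
    char str[2 * LINE_BUF];
    char date[60];
    time_t now;

    time(&now);
    snprintf(date, sizeof date, "%s", ctime(&now));
    date[strlen(date) - 1] = 0;   /* drop the newline ctime() appends */
    if ((fh = fopen(logfile, "a")) == NULL) {
        perror(logfile);
        return 1;
    }
    /* Newline added: without it the next log entry was glued to this one. */
    fprintf(fh, "%s: Démarrage de sshdetect\n", date);
    fclose(fh);
    snprintf(str, sizeof str, "%s \"%s - %s: 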
Démarrage de sshdetect\"", commande, HOSTNAME, date ); id=fork(); if(id == 0) { r = system( str ); exit(r); }else if( id<0 ) { printf("erreur de création du fork: %s", str); } while (1) { // get the sshd process ID (PID) if ( (fh = fopen("/run/sshd.pid", "r" )) == NULL) { perror("/run/sshd.pid"); return 1; } if ( fscanf(fh, "%i", &pid) == 0) { printf("erreur fscanf: /run/sshd.pid" ); return 10; } fclose(fh); //printf("%i", pid); //get the list of children sprintf( proc_path, "/proc/%d/task/%d/children", pid,pid); //printf(" %s", proc_path); if ((fh = fopen( proc_path, "r")) == NULL) { perror(proc_path); return 1; } while(fscanf(fh, "%i", &pid) > 0) { r = isinarray(pid, childrens, x); if( r == 0 ) { getcmdline( pid, cmdline, cmd, user ); if( strcmp( cmd, "sshd") != 0 ) { x++; childrens[x] = pid; flag[x] = 1; time( &now ); sprintf( date, "%s", ctime(&now)); date[strlen(date)-1] = 0; sprintf( str, "%s \"%s: %s s'est connecté le %s avec la commande: %s %s\"", commande, HOSTNAME, user, date, cmd, cmdline ); if ( start != 1 ) { id=fork(); if(id>0) { if ( (fh1 = fopen(logfile, "a")) == NULL) { perror(logfile); return 7; } fprintf(fh1, "%s: Connexion de %s\n#%s# %s\n", date, user, cmd, cmdline); fclose(fh1); }else if (id<0) { printf("erreur de création du fork: %s", str); }else { //printf("%s\n", str); r = system( str ); exit (r); } }else { if ( (fh1 = fopen(logfile, "a")) == NULL) { perror(logfile); return 7; } if (start == 1) { fprintf(fh1, "%s: %s Connecté - %s %s", date, user, cmd, cmdline); } } } }else { flag[r] = 1; } } for(i=1;i<=x;i++) { if (flag[i] == 0 ) { printf("Session %d terminée\n", childrens[i]); for( j=i; j