317 lines
5.6 KiB
C
317 lines
5.6 KiB
C
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <time.h>
|
|
#include <sys/types.h>
|
|
#include <sys/wait.h>
|
|
#include <utmp.h>
|
|
|
|
#define HOSTNAME "lalis"
|
|
|
|
int isinarray( int pid, int array[], int n )
|
|
{
|
|
//if (n == 0) return 0;
|
|
int x;
|
|
for(x=1;x<=n;x++)
|
|
{
|
|
if( pid == array[x])
|
|
{
|
|
return x;
|
|
}
|
|
} return 0;
|
|
}
|
|
|
|
void getutmp( int pid, char user[], char host_ip[] )
|
|
{
|
|
struct utmp * utmp;
|
|
setutent();
|
|
while ( (utmp = getutent()) != NULL )
|
|
{
|
|
if ( utmp->ut_pid == pid )
|
|
{
|
|
sprintf(user, "%s", utmp->ut_user);
|
|
sprintf(host_ip, "%s", utmp->ut_host);
|
|
break;
|
|
}
|
|
}
|
|
endutent();
|
|
}
|
|
|
|
int null2space( char str[] )
|
|
{
|
|
int flag =0;
|
|
int x = 0;
|
|
|
|
while ( flag == 0 )
|
|
{
|
|
if ( (int) str[x] == 0 )
|
|
{
|
|
if ( (int) str[x+1] != 0 )
|
|
{
|
|
str[x] = ' ';
|
|
}else
|
|
{
|
|
flag = 1;
|
|
}
|
|
}
|
|
x++;
|
|
}
|
|
return x-1 ;
|
|
}
|
|
|
|
int getpids(int pid, int exploded[])
|
|
{
|
|
FILE *fh;
|
|
char * pch;
|
|
char path[1024];
|
|
char str[4096];
|
|
char separator[] = " ";
|
|
int x = 0;
|
|
|
|
sprintf( path, "/proc/%d/task/%d/children", pid,pid);
|
|
//printf(" %s", proc_path);
|
|
if ((fh = fopen( path, "r")) == NULL)
|
|
{
|
|
perror(path);
|
|
return -1;
|
|
}
|
|
if ( fgets( str, 40, fh ) != NULL )
|
|
{
|
|
pch = strtok( str, separator );
|
|
while( pch != NULL )
|
|
{
|
|
exploded[x++] = atoi( pch );
|
|
pch = strtok( NULL , separator );
|
|
}
|
|
fclose(fh);
|
|
return x;
|
|
}else
|
|
{
|
|
fclose(fh);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
int getprocinfo( int ppid, char cmdline[], char cmd[], char user[], char host_ip[] )
|
|
{
|
|
FILE *fh1;
|
|
char child_path[128];
|
|
char str[1024];
|
|
// char * pch;
|
|
int child_pid[10];
|
|
int flag = 0;
|
|
int r;
|
|
// int x = 0;
|
|
int pid = ppid;
|
|
int level = 0;
|
|
int retval = 0;
|
|
// char * pos;
|
|
|
|
getutmp( pid, user, host_ip );
|
|
while ( flag == 0)
|
|
{
|
|
r = getpids( pid, child_pid );
|
|
if( level == 0 && r == 2 )
|
|
{
|
|
flag = 1;
|
|
retval = -1;
|
|
}else if ( r != -1 )
|
|
{
|
|
level++;
|
|
pid = child_pid[0];
|
|
}else
|
|
{
|
|
flag = 1;
|
|
}
|
|
}
|
|
sprintf( child_path, "/proc/%d/cmdline", pid );
|
|
if ( (fh1= fopen( child_path, "r" )) == NULL)
|
|
{
|
|
perror(child_path);
|
|
return 2;
|
|
}
|
|
fgets( str, 1024, fh1);
|
|
flag = 0;
|
|
null2space( str );
|
|
sprintf(cmdline, "%s", str);
|
|
fclose(fh1);
|
|
sprintf( child_path, "/proc/%d/comm", pid );
|
|
if ( (fh1= fopen(child_path, "r" )) == NULL)
|
|
{
|
|
perror(child_path);
|
|
return 3;
|
|
}
|
|
fscanf( fh1, "%s", cmd );
|
|
fclose(fh1);
|
|
/*sprintf( child_path, "/proc/%d/environ", pid );
|
|
if ( (fh1= fopen(child_path, "r" )) == NULL)
|
|
{
|
|
perror(child_path);
|
|
return 5;
|
|
}
|
|
fgets( str, 1024, fh1);
|
|
fclose(fh1);
|
|
null2space( str );
|
|
if ( (pos = strstr( str, "USER=")) != NULL)
|
|
{
|
|
sscanf( pos+5, "%s", user);
|
|
}*/
|
|
return retval;
|
|
}
|
|
|
|
int main()
|
|
{
|
|
FILE *fh;
|
|
FILE *fh1;
|
|
int n_ssh=10;
|
|
int id;
|
|
int pid;
|
|
int x=0;
|
|
int y=0;
|
|
int r;
|
|
int i;
|
|
int j;
|
|
int n;
|
|
int start=1;
|
|
int childrens[n_ssh];
|
|
int pids[n_ssh];
|
|
int flag[n_ssh];
|
|
int rinfo;
|
|
int status;
|
|
// char path[1024];
|
|
char commande[] = "/usr/local/bin/send_sms";
|
|
char logfile[] = "/var/log/sshdetect.log";
|
|
char cmd[24];
|
|
char cmdline[1000];
|
|
char user[24]="";
|
|
char host_ip[42];
|
|
char str[1024];
|
|
char date[60];
|
|
time_t now ;
|
|
time( &now );
|
|
sprintf( date, "%s", ctime(&now));
|
|
date[strlen(date)-1] = 0;
|
|
if ( (fh = fopen(logfile, "a")) == NULL)
|
|
{
|
|
perror(logfile);
|
|
return 1;
|
|
}
|
|
fprintf(fh, "%s: Démarrage de sshdetect\n", date);
|
|
fclose(fh);
|
|
sprintf( str, "%s \"%s - %s: Démarrage de sshdetect\"", commande, HOSTNAME, date );
|
|
id=fork();
|
|
if(id == 0)
|
|
{
|
|
r = system( str );
|
|
exit(r);
|
|
}else if( id<0 )
|
|
{
|
|
printf("erreur de création du fork: %s", str);
|
|
}
|
|
|
|
while (1)
|
|
{
|
|
// get the sshd process ID (PID)
|
|
if ( (fh = fopen("/run/sshd.pid", "r" )) == NULL)
|
|
{
|
|
perror("/run/sshd.pid");
|
|
return 1;
|
|
}
|
|
if ( fscanf(fh, "%i", &pid) == 0)
|
|
{
|
|
printf("erreur fscanf: /run/sshd.pid" );
|
|
return 10;
|
|
}
|
|
fclose(fh);
|
|
//printf("%i", pid);
|
|
|
|
//get the list of children
|
|
if ( (n=getpids( pid, pids )) != -1)
|
|
{
|
|
for ( y=0; y<n; y++)
|
|
{
|
|
pid = pids[y];
|
|
r = isinarray(pid, childrens, x);
|
|
if( r == 0 )
|
|
{
|
|
user[0]='\0';
|
|
rinfo = getprocinfo( pid, cmdline, cmd, user, host_ip );
|
|
if( rinfo == 0 )
|
|
{
|
|
x++;
|
|
childrens[x] = pid;
|
|
flag[x] = 1;
|
|
|
|
time( &now );
|
|
sprintf( date, "%s", ctime(&now));
|
|
date[strlen(date)-1] = 0;
|
|
if (user[0] == '\0')
|
|
{
|
|
sprintf( str, "%s \"%s: tunnel ouvert le %s avec la commande: %s %s\"", commande, HOSTNAME, date, cmd, cmdline );
|
|
}else
|
|
{
|
|
sprintf( str, "%s \"%s: %s s'est connecté le %s avec la commande: %s %s\"", commande, HOSTNAME, user, date, cmd, cmdline );
|
|
}
|
|
if ( start != 1 )
|
|
{
|
|
id=fork();
|
|
if(id>0)
|
|
{
|
|
if ( (fh1 = fopen(logfile, "a")) == NULL)
|
|
{
|
|
perror(logfile);
|
|
return 7;
|
|
}
|
|
fprintf(fh1, "%s: Connexion de %s commnade: %s %s", date, user, cmd, cmdline);
|
|
fclose(fh1);
|
|
}else if (id<0)
|
|
{
|
|
printf("erreur de création du fork: %s", str);
|
|
}else
|
|
{
|
|
printf("%s\n", str);
|
|
r = system( str );
|
|
exit (r);
|
|
}
|
|
}else
|
|
{
|
|
if ( (fh1 = fopen(logfile, "a")) == NULL)
|
|
{
|
|
perror(logfile);
|
|
return 7;
|
|
}
|
|
fprintf(fh1, "%s: %s Connecté - %s %s\n", date, user, cmd, cmdline);
|
|
fclose(fh1);
|
|
}
|
|
}
|
|
}else
|
|
{
|
|
flag[r] = 1;
|
|
}
|
|
}
|
|
for(i=1;i<=x;i++)
|
|
{
|
|
if (flag[i] == 0 )
|
|
{
|
|
printf("Session %d terminée\n", childrens[i]);
|
|
for( j=i; j<x; j++ )
|
|
{
|
|
childrens[j] = childrens[j+1];
|
|
flag[j] = flag[j+1];
|
|
}
|
|
i--;
|
|
x--;
|
|
}else
|
|
{
|
|
flag[i] = 0;
|
|
}
|
|
}
|
|
sleep(2);
|
|
waitpid(-1, &status ,WNOHANG);
|
|
}
|
|
start = 0;
|
|
}
|
|
return 0;
|
|
}
|