From 8c1a40d00ca69f2194a9f7c4cf4e884a2d225d3d Mon Sep 17 00:00:00 2001
From: hc
Date: Sat, 1 Feb 2025 11:07:07 +0800
Subject: formatednicely
---
 client_manager.py | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
(limited to 'client_manager.py')
diff --git a/client_manager.py b/client_manager.py
index 84bf3df..ab29e16 100644
--- a/client_manager.py
+++ b/client_manager.py
@@ -15,6 +15,7 @@ import fcntl
 
 def get_ssh_port(pid):
 '''
+ /var/log/secure
 Jan 31 07:50:28 vultr sshd[43690]: Accepted publickey for root from 210.10.76.5 port 43730 ssh2: ED25519 SHA256:qz9ffMCb3vPlabn3ZHee00qIPBxkDiUiVSorcUkGdII
 Jan 31 07:50:28 vultr sshd[43690]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)
 Jan 31 07:50:29 vultr sshd[43693]: Received disconnect from 210.10.76.5 port 43730:11: disconnected by user
@@ -22,6 +23,13 @@ def get_ssh_port(pid):
 Jan 31 07:50:29 vultr sshd[43690]: pam_unix(sshd:session): session closed for user root
 '''
 '''
+ lsof -i -n
+ sshd 1845 root 4u IPv4 23137 0t0 TCP 45.32.108.159:ssh->210.10.76.5:45460 (ESTABLISHED)
+ sshd 1848 root 4u IPv4 23137 0t0 TCP 45.32.108.159:ssh->210.10.76.5:45460 (ESTABLISHED)
+ sshd 1848 root 8u IPv4 23259 0t0 TCP *:44699 (LISTEN)
+ sshd 1848 root 9u IPv6 23260 0t0 TCP *:44699 (LISTEN)
+ '''
+ '''
 # less efficient but readable
 pid = '33216'
 pids = []
@@ -100,11 +108,13 @@ def handle_log_change(event):
 keyname = get_keyname(line.split()[15])
 srcip = line.split()[10]
 #print(pid, port, keyname, srcip)
- ssh_sessions[pid] = [srcip, keyname, port]
- ssh_sessions[pid] = {
+ #ssh_sessions[pid] = [srcip, keyname, port]
+
+ ssh_sessions[srcip] = {
 'srcip': srcip,
+ 'pid' : pid,
 'key': keyname,
- 'pubport': port
+ 'pubport': port,
 }
 write_data(ssh_sessions)
 if "pam_unix(sshd:session): session closed" in line:
--
cgit v1.2.3-70-g09d2
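Review bot: The `lsof -i -n` sample added to the comment block in get_ssh_port carries what look like real public addresses for both ends of the connection (`45.32.108.159` and `210.10.76.5`), and the `/var/log/secure` excerpt labelled in the previous hunk already holds the same client address plus a key fingerprint. Samples kept in source are better written with documentation ranges, for example (constructed values) `sshd 1848 root 4u IPv4 23137 0t0 TCP 192.0.2.10:ssh->203.0.113.5:45460 (ESTABLISHED)`, and a placeholder fingerprint. A one-line comment saying why both excerpts are there (presumably because the pid in the log line differs from the pid that owns the listening port) would help as well; the function body continues outside the hunk.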
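Review bot: Keying `ssh_sessions` by `srcip` means a second accepted login from the same address (two clients behind one NAT, or one host using two keys) replaces the first entry, so that session's `pid`, `key` and `pubport` are lost from what `write_data` stores. The `session closed` branch begins on the hunk's last line and its body is outside the hunk; the close line in the sample log carries the sshd pid and no address, so that branch would now have to search the values for `'pid'`, and a stale entry would remain if it still deletes by pid, which is worth confirming. Since `srcip` is already stored in the value, keeping `ssh_sessions[pid] = {` as the key and deriving any per-address view at read time avoids both problems. The commented-out `#ssh_sessions[pid] = [srcip, keyname, port]` line can simply be dropped. handle_log_change starts before the hunk.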