formatednicely

author: hc <hc@email.ch> 2025-02-01 11:07:07 +0800
committer: hc <hc@email.ch> 2025-02-01 11:07:07 +0800
commit: 8c1a40d00ca69f2194a9f7c4cf4e884a2d225d3d (patch)
tree: 2c880e936b465915ea6483fe2737a55b9638923b /client_manager.py
parent: 6e2bd1f5053f5244d1294ba5ae2c0ffc047743b6 (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/client_manager.py b/client_manager.py
index 84bf3df..ab29e16 100644
--- a/client_manager.py
+++ b/client_manager.py
@@ -15,6 +15,7 @@ import fcntl
 def get_ssh_port(pid):
    '''
+    /var/log/secure
    Jan 31 07:50:28 vultr sshd[43690]: Accepted publickey for root from 210.10.76.5 port 43730 ssh2: ED25519 SHA256:qz9ffMCb3vPlabn3ZHee00qIPBxkDiUiVSorcUkGdII
    Jan 31 07:50:28 vultr sshd[43690]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)
    Jan 31 07:50:29 vultr sshd[43693]: Received disconnect from 210.10.76.5 port 43730:11: disconnected by user
@@ -22,6 +23,13 @@ def get_ssh_port(pid):
    Jan 31 07:50:29 vultr sshd[43690]: pam_unix(sshd:session): session closed for user root
    '''
    '''
+    lsof -i -n
+    sshd      1845   root    4u  IPv4  23137      0t0  TCP 45.32.108.159:ssh->210.10.76.5:45460 (ESTABLISHED)
+    sshd      1848   root    4u  IPv4  23137      0t0  TCP 45.32.108.159:ssh->210.10.76.5:45460 (ESTABLISHED)
+    sshd      1848   root    8u  IPv4  23259      0t0  TCP *:44699 (LISTEN)
+    sshd      1848   root    9u  IPv6  23260      0t0  TCP *:44699 (LISTEN)
+    '''
+    '''
    # less efficient but readable
    pid = '33216'
    pids = []
@@ -100,11 +108,13 @@ def handle_log_change(event):
                keyname = get_keyname(line.split()[15]) 
                srcip = line.split()[10]
                #print(pid, port, keyname, srcip)
-                ssh_sessions[pid] = [srcip, keyname, port]
+                #ssh_sessions[pid] = [srcip, keyname, port]
-                ssh_sessions[pid] = {
+                ssh_sessions[srcip] = {
                    'srcip': srcip,
+                    'pid' : pid,
                    'key': keyname,
-                    'pubport': port
+                    'pubport': port,
                }
                write_data(ssh_sessions)
            if "pam_unix(sshd:session): session closed" in line:
author	hc <hc@email.ch>	2025-02-01 11:07:07 +0800
committer	hc <hc@email.ch>	2025-02-01 11:07:07 +0800
commit	8c1a40d00ca69f2194a9f7c4cf4e884a2d225d3d (patch)
tree	2c880e936b465915ea6483fe2737a55b9638923b /client_manager.py
parent	6e2bd1f5053f5244d1294ba5ae2c0ffc047743b6 (diff)

diff --git a/client_manager.py b/client_manager.py index 84bf3df..ab29e16 100644 --- a/client_manager.py +++ b/client_manager.py
@@ -15,6 +15,7 @@ import fcntl
15		15
16	def get_ssh_port(pid):	16	def get_ssh_port(pid):
17	'''	17	'''
		18	/var/log/secure
18	Jan 31 07:50:28 vultr sshd[43690]: Accepted publickey for root from 210.10.76.5 port 43730 ssh2: ED25519 SHA256:qz9ffMCb3vPlabn3ZHee00qIPBxkDiUiVSorcUkGdII	19	Jan 31 07:50:28 vultr sshd[43690]: Accepted publickey for root from 210.10.76.5 port 43730 ssh2: ED25519 SHA256:qz9ffMCb3vPlabn3ZHee00qIPBxkDiUiVSorcUkGdII
19	Jan 31 07:50:28 vultr sshd[43690]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)	20	Jan 31 07:50:28 vultr sshd[43690]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)
20	Jan 31 07:50:29 vultr sshd[43693]: Received disconnect from 210.10.76.5 port 43730:11: disconnected by user	21	Jan 31 07:50:29 vultr sshd[43693]: Received disconnect from 210.10.76.5 port 43730:11: disconnected by user
@@ -22,6 +23,13 @@ def get_ssh_port(pid):
22	Jan 31 07:50:29 vultr sshd[43690]: pam_unix(sshd:session): session closed for user root	23	Jan 31 07:50:29 vultr sshd[43690]: pam_unix(sshd:session): session closed for user root
23	'''	24	'''
24	'''	25	'''
		26	lsof -i -n
		27	sshd 1845 root 4u IPv4 23137 0t0 TCP 45.32.108.159:ssh->210.10.76.5:45460 (ESTABLISHED)
		28	sshd 1848 root 4u IPv4 23137 0t0 TCP 45.32.108.159:ssh->210.10.76.5:45460 (ESTABLISHED)
		29	sshd 1848 root 8u IPv4 23259 0t0 TCP *:44699 (LISTEN)
		30	sshd 1848 root 9u IPv6 23260 0t0 TCP *:44699 (LISTEN)
		31	'''
		32	'''
25	# less efficient but readable	33	# less efficient but readable
26	pid = '33216'	34	pid = '33216'
27	pids = []	35	pids = []
@@ -100,11 +108,13 @@ def handle_log_change(event):
100	keyname = get_keyname(line.split()[15])	108	keyname = get_keyname(line.split()[15])
101	srcip = line.split()[10]	109	srcip = line.split()[10]
102	#print(pid, port, keyname, srcip)	110	#print(pid, port, keyname, srcip)
103	ssh_sessions[pid] = [srcip, keyname, port]	111	#ssh_sessions[pid] = [srcip, keyname, port]
104	ssh_sessions[pid] = {	112
		113	ssh_sessions[srcip] = {
105	'srcip': srcip,	114	'srcip': srcip,
		115	'pid' : pid,
106	'key': keyname,	116	'key': keyname,
107	'pubport': port	117	'pubport': port,
108	}	118	}
109	write_data(ssh_sessions)	119	write_data(ssh_sessions)
110	if "pam_unix(sshd:session): session closed" in line:	120	if "pam_unix(sshd:session): session closed" in line: