maemo.org - Talk
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Development (https://talk.maemo.org/forumdisplay.php?f=13)
-   -   [Announce] SSH notifier script (https://talk.maemo.org/showthread.php?t=73924)

laasonen 2011-06-11 15:24
[Announce] SSH notifier script
 
I made simple script which notifies about users trying to connect or disconnect to SSH-server. I thought that some others might be also interested what someones are trying to do with our phones.

Phone version
How?
  • apt-get install sysklogd sudser
  • Uncomment the line about /var/log/auth.log from /etc/syslog.conf
  • stop sysklogd; start sysklogd
  • Run the script
Problems:
  • Sysklogd doesn't give disconnecter's name so only ip is shown when user disconnects from the server
Script:
Code:
sudo tail -f /var/log/auth.log | while read line; do
        id=$((id+1));
        if [[ $id -gt 10 ]]; then
                if [[ `echo $line | awk '{print $5}' | awk -F [ '{print $1}'` == "sshd" ]]; then
                        if [[ `echo $line | awk '{print $6}'` == Failed ]]; then
                        dbus-send --type=method_call --dest=org.freedesktop.Notifications /org/freedesktop/Notifications org.freedesktop.Notifications.SystemNoteInfoprint string:"`echo $line | awk '{print $9}'` failed to log in to SSH from `echo $line | awk '{print $11}'`";
                        else
                                if [[ `echo $line | awk '{print $6}'` == Accepted ]]; then
                                        dbus-send --type=method_call --dest=org.freedesktop.Notifications /org/freedesktop/Notifications org.freedesktop.Notifications.SystemNoteInfoprint string:"`echo $line | awk '{print $9}'` succefully logged in to SSH from `echo $line | awk '{print $11}'`";
                                else
                                        if [[ `echo $line | awk '{print $6}'` == Received ]] && [[ `echo $line | awk '{print $7}'` == disconnect ]]; then
                                                dbus-send --type=method_call --dest=org.freedesktop.Notifications /org/freedesktop/Notifications org.freedesktop.Notifications.SystemNoteInfoprint string:"`echo $line | awk '{print $9}' | awk -F : '{print $1}'` disconnected from SSH";
                                        fi
                                fi
                        fi
                fi
        fi
done
Screenshot:
http://hosted.laasonen.net/Screensho...611-180730.png

Desktop version
Requirements:
  • syslog-ng
  • >=bash
  • libnotify
Script:
Code:
ip=""
sudo tail -f /var/log/auth.log | while read line; do
        id=$((id+1));
        if [[ $id -gt 10 ]]; then
                if [ -n "$ip" ]; then
                        notify-send "SSH Notifier" "`echo $line | awk '{print $11}'` disconnected from SSH from $ip!";
                        ip=""
                else
                        if [[ `echo $line | awk '{print $5}'` == sshd* ]]; then
                                if [[ `echo $line | awk '{print $6}'` == Failed ]]; then
                                        notify-send "SSH Notifier" "`echo $line | awk '{print $9}'` failed to log in to SSH from `echo $line | awk '{print $11}'`!";
                                else
                                        if [[ `echo $line | awk '{print $6}'` == Accepted ]]; then
                                                notify-send "SSH Notifier" "`echo $line | awk '{print $9}'` succefully logged in to SSH from `echo $line | awk '{print $11}'`!";
                                        else
                                                if [[ `echo $line | awk '{print $6}'` == Received ]] && [[ `echo $line | awk '{print $7}'` == disconnect ]]; then
                                                        ip=`echo $line | awk '{print $9}' | awk -F : '{print $1}'`
                                                fi
                                        fi
                                fi
                        fi
                fi
        fi
done
Screenshot:
http://hosted.laasonen.net/2011-06-1...1200_scrot.png

tonypower88 2011-06-11 15:45
Re: [Announce] SSH notifier script
 
so each time I have to execute this script in background and keep it running ?

I think this script is not good in case I want to spy on someone when I give him/her my phone then I login with ssh and execuste x11vnc server and watch them live on vnc lol

also I think a better idea is allow only some trusted dns names or ips for SSH clients like my own PCs and other devices

laasonen 2011-06-11 15:56
Re: [Announce] SSH notifier script
 
Quote:
Originally Posted by tonypower88 (Post 1027178)
so each time I have to execute this script in background and keep it running ?
I decided to release this only as a script, but you can make it launch on startup pretty easily by adding it to /etc/event.d/ in this kind of format:
Code:
start on started hildon-desktop

respawn

script
//CODE
end script

Quote:
Originally Posted by tonypower88 (Post 1027178)
I think this script is not good in case I want to spy on someone when I give him/her my phone then I login with ssh and execuste x11vnc server and watch them live on vnc lol

also I think a better idea is allow only some trusted dns names or ips for SSH clients like my own PCs and other devices
I'm not interested in spying people, but feel free to modify the script yourself :)

Jigzy 2011-06-11 16:15
Re: [Announce] SSH notifier script
 
what is it with these James Bond wannabe's wanting to spy on other people!

tonypower88 2011-06-11 16:53
Re: [Announce] SSH notifier script
 
Quote:
Originally Posted by Jigzy (Post 1027195)
what is it with these James Bond wannabe's wanting to spy on other people!
like letting someone to use msn on your phone , then go to other room with your computer login using ssh , execute x11vnc server in background = ) watch them on vnc

laasonen 2011-06-11 17:00
Re: [Announce] SSH notifier script
 
Quote:
Originally Posted by tonypower88 (Post 1027215)
like letting someone to use msn on your phone , then go to other room with your computer login using ssh , execute x11vnc server in background = ) watch them on vnc
This is illegal at least in here in Finland. Why would you like to break their trust and privacy?

Mentalist Traceur 2011-06-11 18:05
Re: [Announce] SSH notifier script
 
If you want to spy on people, that's your issue. Don't install it, then, and move on. However, if you'd like to know when others are spying on you, this is a very useful utility.

Doesn't sysklogd slowly fill up rootfs space with the logs, though?

hawaii 2011-06-11 18:48
Re: [Announce] SSH notifier script
 
Firstly, why would somebody have your root password? Secondly, why would you allow remote root log in? Thirdly, why would you be running daemons on an unsecured network?

Jigzy 2011-06-12 00:42
Re: [Announce] SSH notifier script
 
Well maybe I am not as paranoid as some people!!!

jd4200 2011-06-12 01:32
Re: [Announce] SSH notifier script
 
Would this not be prone to high CPU usage, and leakage due to the constant polling?


All times are GMT. The time now is 20:22.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vBulletin® Version 3.8.8