laasonen
Posts: 565 | Thanked: 618 times | Joined on Jun 2010 @ Finland
#1
I made a simple script which notifies about users trying to connect to or disconnect from the SSH server. I thought that some others might also be interested in what people are trying to do with our phones.

Phone version
How?
  • apt-get install sysklogd sudser
  • Uncomment the line about /var/log/auth.log from /etc/syslog.conf
  • stop sysklogd; start sysklogd
  • Run the script
Problems:
  • Sysklogd doesn't give the disconnecting user's name, so only the IP is shown when a user disconnects from the server
Script:
Code:
# Follow the auth log and show a Maemo banner for each sshd login or disconnect.
sudo tail -f /var/log/auth.log | while read -r line; do
	id=$((id+1));
	# tail prints the last 10 lines of the log first; skip those old entries.
	if [[ $id -gt 10 ]]; then
		# Field 5 is the "sshd[pid]:" tag; keep the part before "[".
		if [[ $(echo "$line" | awk '{print $5}' | awk -F '[' '{print $1}') == "sshd" ]]; then
			# Fields 9 and 11 are the user and IP in "Failed password for USER from IP".
			if [[ $(echo "$line" | awk '{print $6}') == Failed ]]; then
				dbus-send --type=method_call --dest=org.freedesktop.Notifications /org/freedesktop/Notifications org.freedesktop.Notifications.SystemNoteInfoprint string:"$(echo "$line" | awk '{print $9}') failed to log in to SSH from $(echo "$line" | awk '{print $11}')";
			else
				if [[ $(echo "$line" | awk '{print $6}') == Accepted ]]; then
					dbus-send --type=method_call --dest=org.freedesktop.Notifications /org/freedesktop/Notifications org.freedesktop.Notifications.SystemNoteInfoprint string:"$(echo "$line" | awk '{print $9}') successfully logged in to SSH from $(echo "$line" | awk '{print $11}')";
				else
					# "Received disconnect from IP: ..." carries only the IP (field 9, up to the colon).
					if [[ $(echo "$line" | awk '{print $6}') == Received ]] && [[ $(echo "$line" | awk '{print $7}') == disconnect ]]; then
						dbus-send --type=method_call --dest=org.freedesktop.Notifications /org/freedesktop/Notifications org.freedesktop.Notifications.SystemNoteInfoprint string:"$(echo "$line" | awk '{print $9}' | awk -F : '{print $1}') disconnected from SSH";
					fi
				fi
			fi
		fi
	fi
done

Desktop version
Requirements:
  • syslog-ng
  • >=bash
  • libnotify
Script:
Code:
# Holds the IP from a "Received disconnect" line until the next log line arrives.
ip=""
sudo tail -f /var/log/auth.log | while read -r line; do
	id=$((id+1));
	# tail prints the last 10 lines of the log first; skip those old entries.
	if [[ $id -gt 10 ]]; then
		if [ -n "$ip" ]; then
			# The script takes the user name from field 11 of the line that follows the disconnect.
			notify-send "SSH Notifier" "$(echo "$line" | awk '{print $11}') disconnected from SSH from $ip!";
			ip=""
		else
			# Field 5 is the "sshd[pid]:" tag.
			if [[ $(echo "$line" | awk '{print $5}') == sshd* ]]; then
				if [[ $(echo "$line" | awk '{print $6}') == Failed ]]; then
					notify-send "SSH Notifier" "$(echo "$line" | awk '{print $9}') failed to log in to SSH from $(echo "$line" | awk '{print $11}')!";
				else
					if [[ $(echo "$line" | awk '{print $6}') == Accepted ]]; then
						notify-send "SSH Notifier" "$(echo "$line" | awk '{print $9}') successfully logged in to SSH from $(echo "$line" | awk '{print $11}')!";
					else
						if [[ $(echo "$line" | awk '{print $6}') == Received ]] && [[ $(echo "$line" | awk '{print $7}') == disconnect ]]; then
							ip=$(echo "$line" | awk '{print $9}' | awk -F : '{print $1}')
						fi
					fi
				fi
			fi
		fi
	fi
done
__________________
Couple of my applications:
ConnLock - Advanced phone lock
Sanakirja.org - A Sanakirja.org dictionary client
Wlan Driver Selector Applet - Switch easily between stock and bleeding edge drivers

Last edited by laasonen; 2011-06-11 at 15:31.
 

The Following 6 Users Say Thank You to laasonen For This Useful Post:
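
Added example, not part of laasonen's post: the scripts above pick the user and IP by fixed field position, which shifts when sshd logs "Failed password for invalid user NAME from IP". This POSIX sh version parses by keyword instead and strips unexpected characters from the client-chosen login name before it reaches the notification; the function names and the sample log line are constructed for illustration, and `sed -E` and `local` are assumed to be available.

```sh
# Added example (not the thread's script); SAMPLE is a constructed log line.
SAMPLE='Jun 11 15:31:02 Nokia-N900 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2'

# Keep only characters valid in a login name or IP address and cap the length,
# so client-chosen text cannot inject markup or extra words into the banner.
sanitize() { printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9._:@-' | cut -c1-64; }

# Print one message for an sshd login/disconnect line; return 1 for any other line.
sshd_event() {
	local msg rest user ip
	# Accept only lines whose syslog tag is sshd[pid], then keep the message part.
	msg=$(printf '%s\n' "$1" |
		sed -n -E 's/^[A-Z][a-z]{2} +[0-9]+ [0-9:]+ [^ ]+ sshd\[[0-9]+\]: //p')
	case $msg in
	"Failed "*" for "*" from "*" port "* | "Accepted "*" for "*" from "*" port "*)
		rest=${msg#* for }            # drop "Failed <method> for "
		user=${rest% from *}          # cut at the LAST " from ", the one sshd appends
		user=${user#invalid user }    # unknown accounts are logged with this prefix
		ip=${rest##* from }; ip=${ip%% *}
		if [ "${msg%% *}" = Failed ]; then
			printf '%s failed to log in to SSH from %s\n' "$(sanitize "$user")" "$(sanitize "$ip")"
		else
			printf '%s successfully logged in to SSH from %s\n' "$(sanitize "$user")" "$(sanitize "$ip")"
		fi ;;
	"Received disconnect from "*)
		ip=${msg#Received disconnect from }; ip=${ip%% *}
		printf '%s disconnected from SSH\n' "$(sanitize "${ip%:}")" ;;
	*) return 1 ;;
	esac
}

# Follow the log from its current end; -n 0 replaces the "skip 10 lines" counter.
watch_auth_log() {
	tail -n 0 -f "${1:-/var/log/auth.log}" | while IFS= read -r line; do
		m=$(sshd_event "$line") && notify-send "SSH Notifier" "$m"
	done
}
```

`sshd_event "$SAMPLE"` prints `admin failed to log in to SSH from 203.0.113.7`, where the positional awk version would report the user as `invalid` and the source as `admin`.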
Posts: 96 | Thanked: 29 times | Joined on Jun 2011
#2
So each time I have to execute this script in the background and keep it running?

I think this script is not good in case I want to spy on someone when I give him/her my phone, then I log in with ssh and execute x11vnc server and watch them live on vnc lol

Also, I think a better idea is to allow only some trusted DNS names or IPs for SSH clients, like my own PCs and other devices.
 
laasonen
Posts: 565 | Thanked: 618 times | Joined on Jun 2010 @ Finland
#3
Originally Posted by tonypower88:
So each time I have to execute this script in the background and keep it running?
I decided to release this only as a script, but you can make it launch on startup pretty easily by adding it to /etc/event.d/ in this kind of format:
Code:
start on started hildon-desktop

respawn

script
//CODE
end script

Originally Posted by tonypower88:
I think this script is not good in case I want to spy on someone when I give him/her my phone, then I log in with ssh and execute x11vnc server and watch them live on vnc lol

Also, I think a better idea is to allow only some trusted DNS names or IPs for SSH clients, like my own PCs and other devices.
I'm not interested in spying on people, but feel free to modify the script yourself.
 
Posts: 176 | Thanked: 110 times | Joined on Jul 2010
#4
What is it with these James Bond wannabes wanting to spy on other people!
 
Posts: 96 | Thanked: 29 times | Joined on Jun 2011
#5
Originally Posted by Jigzy:
What is it with these James Bond wannabes wanting to spy on other people!
Like letting someone use MSN on your phone, then go to another room with your computer, log in using ssh, execute x11vnc server in the background =) watch them on vnc
 
laasonen
Posts: 565 | Thanked: 618 times | Joined on Jun 2010 @ Finland
#6
Originally Posted by tonypower88:
Like letting someone use MSN on your phone, then go to another room with your computer, log in using ssh, execute x11vnc server in the background =) watch them on vnc
This is illegal, at least here in Finland. Why would you like to break their trust and privacy?
 
Posts: 2,225 | Thanked: 3,822 times | Joined on Jun 2010 @ Florida
#7
If you want to spy on people, that's your issue. Don't install it, then, and move on. However, if you'd like to know when others are spying on you, this is a very useful utility.

Doesn't sysklogd slowly fill up rootfs space with the logs, though?
 
hawaii
Posts: 1,030 | Thanked: 792 times | Joined on Jun 2009
#8
Firstly, why would somebody have your root password? Secondly, why would you allow remote root log in? Thirdly, why would you be running daemons on an unsecured network?
 
Posts: 176 | Thanked: 110 times | Joined on Jul 2010
#9
Well maybe I am not as paranoid as some people!!!
 
jd4200
Posts: 451 | Thanked: 424 times | Joined on Apr 2010 @ England
#10
Would this not be prone to high CPU usage, and leakage due to the constant polling?
 