update lastlog based on shell close, not on transport close

also don't keep lastlog for exec commands, as unix does
2015-03-11 12:45:03 +00:00 · 2015-03-11 12:45:03 +00:00 · 60932db100
parent 613e277832
commit 60932db100
2 changed files with 12 additions and 14 deletions
--- a/kippo/core/protocol.py
+++ b/kippo/core/protocol.py
@ -12,6 +12,7 @@ from twisted.python import log

 import honeypot
 import ttylog
+import utils
 from config import config

 class HoneyPotBaseProtocol(insults.TerminalProtocol):
@ -40,7 +41,7 @@ class HoneyPotBaseProtocol(insults.TerminalProtocol):
        self.realClientIP = transport.transport.getPeer().host
        self.realClientPort = transport.transport.getPeer().port
        self.clientVersion = transport.otherVersionString
-        self.logintime = transport.logintime
+        self.logintime = time.time()

        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
@ -176,9 +177,19 @@ class HoneyPotInteractiveProtocol(HoneyPotBaseProtocol, recvline.HistoricRecvLin
        except:
            pass

+    def lastlogExit(self):
+        starttime = time.strftime('%a %b %d %H:%M',
+            time.localtime(self.logintime))
+        endtime = time.strftime('%H:%M',
+            time.localtime(time.time()))
+        duration = utils.durationHuman(time.time() - self.logintime)
+        utils.addToLastlog('root\tpts/0\t%s\t%s - %s (%s)' % \
+            (self.clientIP, starttime, endtime, duration))
+
    # this doesn't seem to be called upon disconnect, so please use
    # HoneyPotTransport.connectionLost instead
    def connectionLost(self, reason):
+        self.lastlogExit()
        HoneyPotBaseProtocol.connectionLost(self, reason)
        recvline.HistoricRecvLine.connectionLost(self, reason)

--- a/kippo/core/ssh.py
+++ b/kippo/core/ssh.py
@ -21,7 +21,6 @@ from twisted.conch.ssh.common import NS, getNS

 import ConfigParser

-import utils
 import fs
 import sshserver
 import auth
@ -184,7 +183,6 @@ class HoneyPotTransport(sshserver.KippoSSHServerTransport):
    """

    def connectionMade(self):
-        self.logintime = time.time()
        self.transportId = uuid.uuid4().hex[:8]
        self.interactors = []

@ -227,16 +225,6 @@ class HoneyPotTransport(sshserver.KippoSSHServerTransport):

        return sshserver.KippoSSHServerTransport.ssh_KEXINIT(self, packet)

-    def lastlogExit(self):
-        starttime = time.strftime('%a %b %d %H:%M',
-            time.localtime(self.logintime))
-        endtime = time.strftime('%H:%M',
-            time.localtime(time.time()))
-        duration = utils.durationHuman(time.time() - self.logintime)
-        clientIP = self.transport.getPeer().host
-        utils.addToLastlog('root\tpts/0\t%s\t%s - %s (%s)' % \
-            (clientIP, starttime, endtime, duration))
-
    # this seems to be the only reliable place of catching lost connection
    def connectionLost(self, reason):
        log.msg( "Connection Lost in SSH Transport" )
@ -244,7 +232,6 @@ class HoneyPotTransport(sshserver.KippoSSHServerTransport):
            i.sessionClosed()
        if self.transport.sessionno in self.factory.sessions:
            del self.factory.sessions[self.transport.sessionno]
-        self.lastlogExit()
        sshserver.KippoSSHServerTransport.connectionLost(self, reason)

 class HoneyPotSSHSession(session.SSHSession):