Merge pull request #72 from sean797/sessions

Fixes #68 - recognised SSH sessions correctly
FrostyX · Nov 28, 2016 · d651e98 · d651e98
2 parents 10e5587 + 7ea0157
commit d651e98
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/tests/test_tracer.py b/tests/test_tracer.py
@@ -49,6 +49,10 @@ def real_name(self):
 	def is_interpreted(self):
 		return False
 
+	@property
+	def is_session(self):
+                return False
+
 	def create_time(self):
 		return self._create_time
 

diff --git a/tracer/resources/applications.py b/tracer/resources/applications.py
@@ -187,9 +187,18 @@ def is_interpreted(self):
 		# @TODO check all instances
 		return self.instances and self.instances[0].is_interpreted
 
+	@property
+	def is_session(self):
+                return self.instances and self.instances[0].is_session
+
 	@property
 	def type(self):
-		return Applications.TYPES["DAEMON"] if self.has_service_file else self._attributes["type"]
+                if self.is_session:
+                        return Applications.TYPES["SESSION"]
+                elif self.has_service_file:
+                        return Applications.TYPES["DAEMON"]
+                else:
+                        return self._attributes["type"]
 
 	@property
 	def has_service_file(self):

diff --git a/tracer/resources/processes.py b/tracer/resources/processes.py
@@ -22,6 +22,7 @@
 import datetime
 import time
 import os
+import re
 
 
 class Processes(object):
@@ -181,6 +182,13 @@ def is_interpreted(self):
 		# @TODO implement better detection of interpreted processes
 		return self.name() in ["python"]
 
+	@property
+	def is_session(self):
+                if self.terminal() is not None:
+                        return True
+                if re.search("sshd\:\ .*\ \[priv\]", str(self.cmdline())):
+                        return True
+
 	@property
 	def real_name(self):
 		if self.is_interpreted: