From ac9f6d4d0b35a4951676ff2345b6e521d1c42ae9 Mon Sep 17 00:00:00 2001
From: Wildan M
Date: Wed, 27 Dec 2023 06:40:21 +0700
Subject: [PATCH] Much accurate sudokill ssh login detect
---
 package-lock.json | 4 ++--
 package.json | 2 +-
 sudokill.js | 19 +++++++++++--------
 3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index dd69cc4..7626bc7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "domcloud-bridge", - "version": "0.34.3", + "version": "0.35.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "domcloud-bridge", - "version": "0.34.3", + "version": "0.35.0", "license": "MIT", "dependencies": { "axios": "^1.6.2",
diff --git a/package.json b/package.json
index c967f7b..df60d37 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "domcloud-bridge",
- "version": "0.34.3",
+ "version": "0.35.0",
 "description": "Deployment runner for DOM Cloud",
 "main": "app.js",
 "engines": {
diff --git a/sudokill.js b/sudokill.js
index 5ec3866..02c4f29 100644
--- a/sudokill.js
+++ b/sudokill.js
@@ -11,7 +11,12 @@ const opts = cli.parse({
 ignore: ['i', 'Ignore user list', 'string', ''],
 });
-const output = exec('ps -eo user:20,pid,etimes,command --forest --no-headers', {
+const psOutput = exec('ps -eo user:20,pid,etimes,command --forest --no-headers', {
+ silent: true,
+ fatal: true,
+}).stdout.trim().split('\n');
+
+const whoOutput = exec('who', {
 silent: true,
 fatal: true,
 }).stdout.trim().split('\n');
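Review bot: The new `exec('who', {` call carries no comment on what counts as a login, and that definition is now the whole exemption policy, since the second hunk spares exactly the users this command prints. `who` reports sessions registered in utmp, which for sshd normally means sessions with a terminal; sftp, scp or a remote command run without a tty would typically not be listed, so those users fall under the 60-second rule. I would state that above the call, for example `// who lists utmp sessions only; ssh without a tty (sftp, scp, remote command) is not listed`, and confirm it matches the intended policy.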
@@ -26,24 +31,22 @@ ignoreUsers.root = true;
 // process and filter output
 const splitTest = /^([\w.-]+\+?) +(\d+) +(\d+) (.+)$/;
-const lists = output
+const lists = psOutput
 .map(x => splitTest.exec(x))
 .filter(x => x !== null && !ignoreUsers[x[1]]).map(match => ({
 raw: match[0],
 user: match[1],
 pid: match[2],
- etimes: match[3],
+ etimes: parseInt(match[3]),
 command: match[4],
 }));
-for (const item of lists) {
- if (item.command === ' \\_ (sd-pam)') {
- ignoreUsers[item.user] = true;
- }
+for (const item of whoOutput) {
+ ignoreUsers[item.match(/^[\w.-]+/)[0]] = true;
 }
 // scan for any processes not in ssh sessions or longer than 3 hours
-let candidates = lists.filter(x => parseInt(x.etimes) > 10800 || (x.command[0] != ' ' && !ignoreUsers[x.user]));
+let candidates = lists.filter(x => x.etimes > 10800 || (x.command[0] != ' ' && !ignoreUsers[x.user] && x.etimes > 60));
 if (opts.test) {
 console.log(candidates.map(x => x.raw).join('\n'));
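Review bot: `item.match(/^[\w.-]+/)[0]` in the new `for (const item of whoOutput)` loop throws a TypeError on any line that does not match, and that includes the ordinary case of nobody being logged in: an empty `who` output becomes `['']` after `.trim().split('\n')`, and `''.match(...)` is `null`. The script then stops before `candidates` is built, so no cleanup happens on exactly the hosts with no active session. Guard the match, for example `const m = /^[\w.-]+/.exec(item);` followed by `if (m) ignoreUsers[m[0]] = true;`. Separately, `ps` is asked for `user:20` and `splitTest` allows a trailing `+`, so a name that ps shortens would presumably not equal the name `who` prints; that is worth checking against long usernames.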