New Features Available #5
Feel free to close this any time.
Very cool! I'm glad you're getting good use out of this tool & extending it to fit your needs. I like some of the changes, especially adding optional geolocation to the IP addresses. I will look into adding that. Although, I probably wouldn't pull in the code to flag certain regions. This tool is mostly for simple inspection and diagnostic purposes, alerting / flagging is more in the domain of a tool like Little Snitch / opensnitch. I also like the switch option to silence the output for use when logging. I will add that. 👍 If I get a chance tomorrow I'll look at making some updates, if I can't cherry pick the changes directly to give you proper credit I will give you a shout-out in the README. ~vesche P.S. In your fork you can remove
Hi, have either of you considered adding file hash support? Knowing /usr/bin/sshd is running is helpful, but the file hash would help people see processName match/mismatch across many servers and containers. Rare hashes could be reason to upgrade or investigate malicious files.
I have a modified version here that writes to a SQLite DB and has filtering capabilities. You could instrument that version to record SSH process information and then write a separate program to collate the SQLite data and analyze in real time.
Just wanted to post an update here. Sorry for the delay on this, I work full time as a software engineer and have lots of other projects. v1.2.1 is live here with some of these updates: https://pypi.org/project/histstat/ @protectroot-com I added file hash support (--hash) as you recommended (md5 & sha256). It slows down the execution a bit to run a file hash on a process binary for each network connection, but it does work! Thanks for the idea. @JavaScriptDude I added quiet mode for logging and am working on adding the optional IP geolocation. I gave you a shout out in the "Thanks" section of the README. The work you've done on your fork is really awesome. In version 1.3 (hopefully coming soon) I hope to add the IP geolocation, SQLite output option, and the interface specification. Thanks for the patience & I'm so glad y'all are getting some use out of this little command-line tool! All the best, ~vesche
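The per-connection binary hashing discussed in the two comments above (hash support for spotting mismatched process binaries across hosts, and the slowdown of hashing once per connection), as an added example that is not histstat's own code: digests are cached on (path, size, mtime) so an unchanged binary is hashed once, and the live listing via psutil is an assumption, kept optional so the hashing logic runs with the standard library alone.

```python
# Added example, not histstat's own code: hash the binary behind each
# network-connected process, caching digests so an unchanged binary is
# hashed once rather than once per connection. psutil is optional and is
# assumed to be installed only for the live listing function.
import hashlib
import os

try:
    import psutil
except ImportError:
    psutil = None

# Cache keyed on (path, size, mtime): a replaced binary gets a new key.
_CACHE = {}


def hash_file(path, algos=("md5", "sha256")):
    """Return {algo: hexdigest} for path, or None if it cannot be read."""
    try:
        st = os.stat(path)
    except OSError:
        return None
    key = (path, st.st_size, int(st.st_mtime))
    if key in _CACHE:
        return _CACHE[key]
    hashers = {a: hashlib.new(a) for a in algos}
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                for h in hashers.values():
                    h.update(chunk)
    except OSError:
        return None
    digests = {a: h.hexdigest() for a, h in hashers.items()}
    _CACHE[key] = digests
    return digests


def connections_with_hashes():
    """Yield (laddr, raddr, pid, exe, digests) for every inet connection."""
    if psutil is None:
        raise RuntimeError("psutil is needed for live connection listing")
    for conn in psutil.net_connections(kind="inet"):
        if conn.pid is None:
            continue
        try:
            exe = psutil.Process(conn.pid).exe()
        except (psutil.NoSuchProcess, psutil.AccessDenied):
            continue
        yield conn.laddr, conn.raddr, conn.pid, exe, hash_file(exe)
```

Comparing the sha256 column of this output across a fleet is what makes a rare or unexpected binary hash stand out.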
@vesche Thanks for the note and the cool program.
cheers!
FYI - Just released a new version after I found my original filtering design wanting. I wrote a new package called WherEval (https://pypi.org/project/whereval/) which allows passing complex SQL like where clauses as CLI parameters for filtering of live data.
Good day.
Thanks for making this library.
I have made a fork with some big enhancements. Please take a look when you get a chance.
Let me know if you would like to pull in some of these updates.