From 7e00b03a9382ee08fad8d9f40b9d60cc70f144f4 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier
Date: Sun, 10 Oct 2004 13:33:40 +0000
Subject: [PATCH] - add log reader classes. Currently support metalog and sshd but should handle others services and syslog yet
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@7 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/__init__.py | 25 ++++++++++++++++
 logreader/logreader.py | 67 ++++++++++++++++++++++++++++++++++++++++++
 logreader/metalog.py | 65 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 157 insertions(+)
 create mode 100644 logreader/__init__.py
 create mode 100644 logreader/logreader.py
 create mode 100644 logreader/metalog.py
diff --git a/logreader/__init__.py b/logreader/__init__.py
new file mode 100644
index 00000000..76dba873
--- /dev/null
+++ b/logreader/__init__.py
@@ -0,0 +1,25 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Author: Cyril Jaquier
+#
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
\ No newline at end of file
diff --git a/logreader/logreader.py b/logreader/logreader.py
new file mode 100644
index 00000000..492ed76d
--- /dev/null
+++ b/logreader/logreader.py
@@ -0,0 +1,67 @@ +# This file is part of Fail2Ban. +# +# Fail2Ban is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Fail2Ban is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Fail2Ban; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# Author: Cyril Jaquier +# +# $Revision$ + +__author__ = "Cyril Jaquier" +__version__ = "$Revision$" +__date__ = "$Date$" +__copyright__ = "Copyright (c) 2004 Cyril Jaquier" +__license__ = "GPL" + +import os, sys + +class LogReader: + + def __init__(self, logPath, findTime = 3600): + self.logPath = logPath + self.findTime = findTime + self.ignoreIpList = [] + self.lastModTime = 0 + + def addIgnoreIP(self, ip): + self.ignoreIpList.append(ip) + + def inIgnoreIPList(self, ip): + return ip in self.ignoreIpList + + def openLogFile(self): + try: + fileHandler = open(self.logPath) + except OSError: + print "Unable to open", self.logPath + sys.exit(-1) + return fileHandler + + def isModified(self): + try: + logStats = os.stat(self.logPath) + except OSError: + print "Unable to get stat on", logPath + sys.exit(-1) + + if self.lastModTime == logStats.st_mtime: + return False + else: + print self.logPath, 'has been modified' + self.lastModTime = logStats.st_mtime + return True + + def getPwdFailure(self): + failList = self.getFailInfo(self.findTime) + return failList diff --git a/logreader/metalog.py b/logreader/metalog.py new file mode 100644 index 00000000..20a64766 --- /dev/null +++ b/logreader/metalog.py 
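Review bot: `isModified` refers to a bare `logPath` in its `except OSError` branch, so a failed `os.stat` raises `NameError` instead of printing the intended message and exiting; the line should read `print "Unable to get stat on", self.logPath`. In the same hunk, `openLogFile` catches `OSError`, but on the Python 2 this file targets (it uses `print` statements) a missing or unreadable log makes `open()` raise `IOError`, so that handler never fires and the reader dies with an uncaught traceback; `except (IOError, OSError):` covers both. Since these readers presumably run unattended as the component that watches attacker-driven login logs, an unhandled exception in either path silently stops the banning altogether, so the error branches deserve the same care as the parsing. Both fixes are one-liners and leave the rest of `LogReader` unchanged.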
@@ -0,0 +1,65 @@ +# This file is part of Fail2Ban. +# +# Fail2Ban is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Fail2Ban is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Fail2Ban; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# Author: Cyril Jaquier +# +# $Revision$ + +__author__ = "Cyril Jaquier" +__version__ = "$Revision$" +__date__ = "$Date$" +__copyright__ = "Copyright (c) 2004 Cyril Jaquier" +__license__ = "GPL" + +import re, time + +from logreader import LogReader + +class Metalog(LogReader): + + def getFailInfo(self, findTime): + ipList = dict() + logFile = self.openLogFile() + for line in logFile.readlines(): + match = self.parseLogLine(line) + if match: + ip = match[0] + unixTime = match[1] + if unixTime < time.time()-self.findTime: + continue + if self.inIgnoreIPList(ip): + print 'Ignore', ip + continue + print 'Found', ip, 'at', unixTime + if ipList.has_key(ip): + ipList[ip] = (ipList[ip][0]+1, unixTime) + else: + ipList[ip] = (1, unixTime) + logFile.close() + return ipList + + def parseLogLine(self, line): + """ Match sshd failed password log + """ + if re.search("Failed password", line): + matchIP = re.search("(?:\d{1,3}\.){3}\d{1,3}", line) + if matchIP: + date = list(time.strptime(line[0:15], "%b %d %H:%M:%S")) + date[0] = time.gmtime()[0] + unixTime = time.mktime(date) + return [matchIP.group(), unixTime] + else: + return False
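Review bot: `parseLogLine` extracts the first dotted-quad found anywhere in the line with `re.search("(?:\d{1,3}\.){3}\d{1,3}", line)` rather than the address in the `from` field, so a client that attempts a login with an IP-looking user name (in the usual sshd `Failed password for <user> from <addr>` format the user name precedes the address) can make the reader record an address of its choosing — an arbitrary host gets counted and banned while the real source is never tallied. Anchoring the match on the source field closes this: `matchIP = re.search(r"from ((?:\d{1,3}\.){3}\d{1,3})", line)` and `return [matchIP.group(1), unixTime]`. Separately, `time.strptime(line[0:15], "%b %d %H:%M:%S")` raises `ValueError` for any matched line that does not begin with a syslog timestamp, which would abort `getFailInfo` part-way through the file; guarding that parse (or checking the prefix first) keeps one odd line from stopping the whole scan. Also note that `getFailInfo` accepts `findTime` but reads `self.findTime`, so the parameter is silently ignored, and that the `if re.search("Failed password", line)` branch returns `None` rather than `False` when no address matches.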