Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

Untitled
Posted by Anonymous on Sat 8th Dec 2012 00:31
raw | new post

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
import os, gzip, socket, re, shutil, cPickle, operator, GeoIP #config stuffs.... path='/home/pronto/logs/' newfile="ssh_fails.dict.p" oldfil="ssh_fails.dict.old.p" gi = GeoIP.open("/home/pronto/scripts/ssh-fail/GeoLiteCity.dat",GeoIP.GEOIP_STANDARD) shutil.copy2('/home/pronto/logs/ssh_fails.dict.p', '/home/pronto/logs/ssh_fails.dict.old.p') ignore_ip = ['75.101.142.201', '198.101.145.249', '76.21.11.37'] def openfile(logfile): if 'gz' in logfile: celery = gzip.open(logfile, 'r') else: celery = open(logfile, 'r') return celery def get_index(seq, attribute, value): return next(index for (index, d) in enumerate(seq) if d[attribute] == value) def ipcheck(ip,dns): dns_ip=socket.gethostbyname_ex(dns)[2] if ip not in dns_ip: return "IP: "+ dns_ip[0] else: return "good" def port_check(address, port): s = socket.socket() s.settimeout(1) try: s.connect((address, port)) return True except: return False ip_dict = [] for files in os.listdir('/var/log'): if 'auth.log' in files: logfile = "/var/log/" + files celery = openfile(logfile) for line in celery: if "Failed" in line: if "pronto" not in line: ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}', line) if ip: if ip[0] not in ignore_ip: try: index = get_index(ip_dict, 'IP', ip[0]) ip_dict[index]['attempts'] += 1 ip_dict[index]['geo'] = gi.record_by_addr(ip[0])['country_name'] except: try: host = socket.gethostbyaddr(ip[0])[0] checker = ipcheck(ip[0], host) ip_dict.append({"IP": ip[0], "attempts": 1, "RDNS": host, "IPCHECK": checker}) except: ip_dict.append({"IP": ip[0], "attempts": 1, "RDNS": None, "IPCHECK": None}) ip_dict.sort(key=operator.itemgetter('attempts'), reverse=True) old_list=cPickle.load(open("/home/pronto/logs/ssh_fails.dict.old.p","rb")) for a in ip_dict: try: index_old=get_index(old_list,'IP',a['IP']) index_new=get_index(ip_dict,'IP',a['IP']) if ip_dict[index_new]['IP'] == old_list[index_old]['IP']: diff = ip_dict[index_new]['attempts']-old_list[index_old]['attempts'] ip_dict[index_new]['new']=diff else: ip_dict[index_new]['new']=0 except: ip_dict[index_new]['new']=0 for a in ip_dict: if a['attempts'] > 99: index=get_index(ip_dict,'IP',a['IP']) ip_dict[index]['Port80']=port_check(a['IP'],80) ip_dict[index]['Port443']=port_check(a['IP'],443) ip_dict[index]['Port22']=port_check(a['IP'],22) cPickle.dump(ip_dict,open("/home/pronto/logs/ssh_fails.dict.p", "wb"))

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at