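import os
import gzip
import socket
import pickle
import re
import shutil
import cPickle

# Keep the previous run's results so this run can compare attempt counts
# against them. On a first run there is no results file yet, and an
# unconditional copy would abort the script before any log is parsed.
if os.path.exists('/home/pronto/logs/ssh_fails.p'):
    shutil.copy2('/home/pronto/logs/ssh_fails.p', '/home/pronto/logs/ssh_fails.old.p')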
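def openfile(logfile):
    """Open an auth log for line-by-line reading, via gzip for rotated logs.

    Args:
        logfile: Path to the log file. A name ending in ``.gz`` is opened
            with ``gzip.open``; anything else with the builtin ``open``.

    Returns:
        A readable file object. The caller is responsible for closing it.
    """
    # Test the suffix instead of looking for 'gz' anywhere in the path, so a
    # plain log that merely has "gz" in its name or directory is not handed
    # to the gzip reader (which would fail on the first read).
    if logfile.endswith('.gz'):
        return gzip.open(logfile, 'r')
    return open(logfile, 'r')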
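# Tally failed-login lines per source address across /var/log/auth.log*,
# compare the totals with the previous run and store the result.
# The listing this was taken from had lost its indentation; the sort, the
# comparison and the dump are placed after the log scan, which is the only
# nesting under which the script makes sense.

# One record per address, in first-seen order:
#   (ip, attempts, reverse_dns_name_or_None, diff_vs_previous_run)
ip_count = []
# ip -> position in ip_count, so each log line costs one dict lookup
# instead of a scan over every address seen so far.
ip_index = {}

for files in os.listdir('/var/log/'):
    if 'auth.log' not in files:
        continue
    logfile = "/var/log/" + files
    celery = openfile(logfile)
    try:
        for line in celery:
            if "Failed" not in line:
                continue
            ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}', line)
            if not ip:
                continue
            # NOTE(review): ip[0] is the first dotted quad on the line. The
            # user name in a failed-login line is chosen by the remote
            # client, so a name that itself looks like an address would be
            # counted instead of the real source. Anchoring the pattern on
            # the log format's source-address field would close that gap;
            # confirm against the sshd line formats in use before changing.
            addr = ip[0]
            if addr in ip_index:
                position = ip_index[addr]
                seen = ip_count[position]
                ip_count[position] = (addr, seen[1] + 1, seen[2], seen[3])
            else:
                # The PTR name comes from whoever controls the address's
                # reverse zone: keep it as an untrusted label, never as an
                # identity. The lookup also blocks once per new address.
                try:
                    host = socket.gethostbyaddr(addr)[0]
                except socket.error:
                    # No PTR record, resolver failure, or a match such as
                    # 999.1.1.1 that is not a valid address.
                    host = None
                ip_index[addr] = len(ip_count)
                ip_count.append((addr, 1, host, 0))
    finally:
        celery.close()

# Most active sources first; the sort is stable, so ties keep first-seen order.
ip_count.sort(key=lambda tup: tup[1], reverse=True)

# SECURITY: unpickling runs whatever the file tells it to. This is only
# acceptable while /home/pronto/logs/ is writable by nobody but the account
# running this script; a data-only format such as JSON would remove the risk.
old_path = "/home/pronto/logs/ssh_fails.old.p"
if os.path.exists(old_path):
    with open(old_path, "rb") as old_file:
        old_list = cPickle.load(old_file)
else:
    # First run: nothing to compare against.
    old_list = []

# Previous attempt count per address; the first entry wins, matching a
# list.index() lookup. Malformed entries are skipped rather than fatal.
old_attempts = {}
for entry in old_list:
    try:
        old_attempts.setdefault(entry[0], entry[1])
    except (TypeError, IndexError, KeyError):
        continue

for position, record in enumerate(ip_count):
    if record[0] not in old_attempts:
        continue  # address not present in the previous run
    previous = old_attempts[record[0]]
    if previous == record[1]:
        continue
    try:
        # NOTE(review): previous minus current is negative when attempts
        # grew since the last run - confirm the sign is intended before
        # anything consumes this field.
        att_diff = previous - record[1]
    except TypeError:
        continue  # previous count is not a number; leave the record as is
    print("omg diff: " + str(att_diff))
    ip_count[position] = (record[0], record[1], record[2], att_diff)

with open("/home/pronto/logs/ssh_fails.p", "wb") as out_file:
    pickle.dump(ip_count, out_file)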
pythons!
Posted by Anonymous on Sat 1st Dec 2012 22:14