def parse(string, rule_list): if string_utils.is_blank(string) or not rule_list: return None string = string.strip() for rule in rule_list: rule_type = rule.get('type').strip() if rule.has_key('type') else '' rule_type = 'regex' if rule_type == '' else rule_type pattern = rule.get('pattern') if rule.has_key('pattern') else '' if rule_type == 'regex': if regex_utils.check_line(pattern, string): value_list = regex_utils.parse_line(pattern, string) map_index = __build_map_index(rule) return __map_with_index(value_list, map_index) elif rule_type == 'split': match = rule.get('match') if rule.has_key('match') else '' if __is_match(match, string): value_list = string.split(pattern) map_index = __build_map_index(rule) return __map_with_index(value_list, map_index) elif rule_type == 'keyword': match = rule.get('match') if rule.has_key('match') else '' if __is_match(match, string): map_index = __build_map_index(rule) return __map_with_keyword(string, map_index.values()) return None
def __match(line_num, line_text, model, pattern): if str_utils.is_blank(line_text): return False if str_utils.is_blank(pattern): return True patterns = [] if type(pattern) == types.ListType: patterns = pattern elif type(pattern) == types.FunctionType: patterns = [pattern] else: patterns = [str(pattern)] if str_utils.is_empty(model): model = "s" model = model.lower() for match_pattern in patterns: if model == "s": if match_pattern in line_text: return True elif model == "n": _min, _max = __split_region(match_pattern) if line_num >= _min and line_num <= _max: return True elif model == "e": if regex_utils.check_line(match_pattern, line_text): return True elif model == "a": if type(pattern) == types.FunctionType: if pattern(line_text): return True return False
def __match(line_num, line_text, model, pattern): if str_utils.is_blank(line_text): return False if str_utils.is_blank(pattern): return True patterns = [] if type(pattern) == types.ListType: patterns = pattern elif type(pattern) == types.FunctionType: patterns = [pattern] else: patterns = [str(pattern)] if str_utils.is_empty(model): model = 's' model = model.lower() for match_pattern in patterns: if model == 's': if match_pattern in line_text: return True elif model == 'n': _min, _max = __split_region(match_pattern) if line_num >= _min and line_num <= _max: return True elif model == 'e': if regex_utils.check_line(match_pattern, line_text): return True elif model == 'a': if type(pattern) == types.FunctionType: if pattern(line_text): return True return False
def write_file(filename, text, encoding = 'utf-8', end_of_line = '\n'): if string_utils.is_blank(filename): raise IOError('filename is None') try: text_file = codecs.open(filename, 'w', encoding) if isinstance(text, list): for line in text: text_file.write(line + end_of_line) elif isinstance(text, basestring): text_file.write(text) text_file.close() except IOError: pass
def read_file(filename, tail= 'all', encoding = 'utf-8', strip = False): if string_utils.is_blank(filename): raise IOError('filename is None') text = [] try: text_file = codecs.open(filename, 'r', encoding) text = [line.strip() if strip else line for line in text_file.readlines()] if tail and tail != 'all': if string_utils.is_numeric(tail): _tail = int(tail) _size = len(text) if _tail < _size: text = text[_size - _tail : _size] text_file.close() except IOError: text = None return text
def group(text, rule_list): if string_utils.is_blank(text) or not rule_list: return None group_value = {} for rule_item in rule_list: name = rule_item.get('name') if rule_item.has_key('name') else 'NONE' patterns = rule_item.get('pattern') if rule_item.has_key('pattern') else [] if type(patterns) == types.StringType: patterns = [patterns] for line in text: for pattern in patterns: if regex_utils.check_line(pattern, line): group_items = group_value.get(name) if group_value.has_key(name) else [] group_items.append(line) group_value[name] = group_items return group_value
def group(text, rule_list): if string_utils.is_blank(text) or not rule_list: return None group_value = {} for rule_item in rule_list: name = rule_item.get('name') if rule_item.has_key('name') else 'NONE' patterns = rule_item.get('pattern') if rule_item.has_key( 'pattern') else [] if type(patterns) == types.StringType: patterns = [patterns] for line in text: for pattern in patterns: if regex_utils.check_line(pattern, line): group_items = group_value.get(name) if group_value.has_key( name) else [] group_items.append(line) group_value[name] = group_items return group_value
def main(): parser = argparse.ArgumentParser(description='See README') parser.add_argument('-c', '--count', default=1, type=int, help='with how many failure times it should be considered as an attack') parser.add_argument('-lf', '--logfile', default='', type=str, help='log file') parser.add_argument('-ex', '--exclude', default='', type=str, help='exclude ip') parser.add_argument('-redis_host', '--redis_host', default='', type=str, help='redis host') parser.add_argument('-redis_port', '--redis_port', default='', type=str, help='redis port') parser.add_argument('-redis_pwd', '--redis_pwd', default='', type=str, help='redis password') config = parser.parse_args() redis_client = get_redis_client(config.redis_host, config.redis_port, config.redis_pwd) log.info(config.logfile) log.info('file exist %s' % str(os.path.isfile(config.logfile))) file = open(config.logfile, "r") while 1: try: line = file.readline() except Exception, e5: if file is not None: try: file.close() except: pass file = open(config.logfile, "r") log.info(e5) log.info(traceback.format_exc()) pass try: log.info(line) if not string_utils.is_blank(line): if line.find('can not parse header when') >= 0: ip = str(line.split()[-1].split(':')[0]).strip() if config.exclude != ip: if not string_utils.is_blank(ip): if get_value(redis_client, ip) is None: set_value(redis_client, ip, 1) cmd = 'sudo iptables -A INPUT -s %s -j DROP' % ip log.info(cmd) os.system(cmd) else: log.info('ip in the cache') else: log.info('ip is blank') else: log.info('exclude ip') else: log.info('line is blank') time.sleep(2) except Exception, e: log.info(e) log.info(traceback.format_exc()) pass