Ejemplo n.º 1
    def __init__(self, logfile, prefs, lock_file,
                 ignore_offset=0, first_time=0,
                 noemail=0, daemon=0):
        """Set up the state needed to process one authentication log.

        Stores the run options, builds the Report object and the restricted
        list from ``prefs``, calls ``init_regex()`` and creates a FileTracker
        for ``logfile`` under the configured WORK_DIR.

        ``ignore_offset`` is accepted but not used in the lines shown here.
        If the FileTracker cannot be created, the lock file is removed and
        ``die()`` is called with the original exception.
        """
        self.__denied_hosts = {}
        self.__prefs = prefs
        self.__lock_file = lock_file
        self.__first_time = first_time
        self.__noemail = noemail
        # SYSLOG_REPORT is read with [] while every other key here uses .get().
        # NOTE(review): confirm prefs always defines SYSLOG_REPORT; if this
        # lookup can raise, it does so before the try block below, and the
        # lock file is not removed on that path.
        self.__report = Report(prefs.get("HOSTNAME_LOOKUP"), is_true(prefs['SYSLOG_REPORT']))
        self.__daemon = daemon
        # Synchronisation settings: server value plus upload/download switches.
        self.__sync_server = prefs.get('SYNC_SERVER')
        self.__sync_upload = is_true(prefs.get("SYNC_UPLOAD"))
        self.__sync_download = is_true(prefs.get("SYNC_DOWNLOAD"))


        r = Restricted(prefs)
        self.__restricted = r.get_restricted()
        # The full restricted value is written to the log at info level.
        info("restricted: %s", self.__restricted)
        self.init_regex()

        try:
            self.file_tracker = FileTracker(self.__prefs.get('WORK_DIR'),
                                            logfile)
        except Exception, e:
            # Release the lock before exiting so a failed start does not leave
            # it behind. Every exception type is caught, so a WORK_DIR problem
            # is also reported as "Can't read: <logfile>".
            self.__lock_file.remove()
            die("Can't read: %s" % logfile, e)
Ejemplo n.º 2
    def __init__(self, logfile, prefs, lock_file,
                 ignore_offset=0, first_time=0,
                 noemail=0, daemon=0):
        """Initialise log-processing state from the preferences.

        The constructor records the run flags, creates the Report object,
        loads the restricted list, calls ``init_regex()`` and finally opens a
        FileTracker on ``logfile``. A failure while creating the tracker
        removes the lock file and ends the run through ``die()``.
        ``ignore_offset`` is not referenced in this part of the constructor.
        """
        # Run options and shared handles.
        self.__denied_hosts = {}
        self.__prefs = prefs
        self.__lock_file = lock_file
        self.__first_time = first_time
        self.__noemail = noemail

        # Reporting: SYSLOG_REPORT is a direct [] lookup, unlike the .get()
        # calls used for the other keys.
        lookup_names = prefs.get("HOSTNAME_LOOKUP")
        to_syslog = is_true(prefs['SYSLOG_REPORT'])
        self.__report = Report(lookup_names, to_syslog)

        self.__daemon = daemon

        # Synchronisation settings.
        self.__sync_server = prefs.get('SYNC_SERVER')
        self.__sync_upload = is_true(prefs.get("SYNC_UPLOAD"))
        self.__sync_download = is_true(prefs.get("SYNC_DOWNLOAD"))

        # Restricted list, logged at info level for the operator.
        self.__restricted = Restricted(prefs).get_restricted()
        info("restricted: %s", self.__restricted)
        self.init_regex()

        work_dir = self.__prefs.get('WORK_DIR')
        try:
            self.file_tracker = FileTracker(work_dir, logfile)
        except Exception, err:
            # Drop the lock first so an aborted start does not leave it held.
            self.__lock_file.remove()
            die("Can't read: %s" % logfile, err)
Ejemplo n.º 3
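    def __init__(self, prefs, allowed_hosts, suspicious_always=1,
                 first_time=0, fetch_all=1, restricted=None):
        """Load deny thresholds, age-reset settings and saved counters.

        prefs: preferences object; read through ``.get()`` only.
        allowed_hosts: stored as given.
        suspicious_always, first_time: stored as given.
        fetch_all: when true, the saved counters are loaded through the
            ``get_*`` methods; when false, none of those attributes is
            created by this constructor.
        restricted: collection of restricted entries; a fresh empty set is
            used when omitted.
        """
        # Identity test: None is a singleton, and "== None" would defer to a
        # custom __eq__ on whatever object the caller passed in.
        if restricted is None:
            restricted = set()
        self.__restricted = restricted

        self.__work_dir = prefs.get('WORK_DIR')

        # Thresholds are stored exactly as prefs.get() returns them.
        # NOTE(review): confirm prefs supplies a numeric value for each key;
        # the code that compares against them is not visible here.
        self.__deny_threshold_invalid = prefs.get('DENY_THRESHOLD_INVALID')
        self.__deny_threshold_valid = prefs.get('DENY_THRESHOLD_VALID')
        self.__deny_threshold_root = prefs.get('DENY_THRESHOLD_ROOT')
        self.__deny_threshold_restricted = prefs.get('DENY_THRESHOLD_RESTRICTED')

        self.__age_reset_invalid = prefs.get('AGE_RESET_INVALID')
        self.__age_reset_valid = prefs.get('AGE_RESET_VALID')
        self.__age_reset_root = prefs.get('AGE_RESET_ROOT')
        self.__age_reset_restricted = prefs.get('AGE_RESET_RESTRICTED')

        self.__reset_on_success = is_true(prefs.get('RESET_ON_SUCCESS'))

        self.__first_time = first_time
        self.__suspicious_always = suspicious_always
        self.__allowed_hosts = allowed_hosts

        if fetch_all:
            # Load the saved counters; the new-suspicious-logins counter
            # always starts empty.
            self.__suspicious_logins = self.get_suspicious_logins()
            self.__valid_users = self.get_abused_users_valid()
            self.__invalid_users = self.get_abused_users_invalid()
            self.__valid_users_and_hosts = self.get_abused_users_and_hosts()
            self.__abusive_hosts_valid = self.get_abusive_hosts_valid()
            self.__abusive_hosts_invalid = self.get_abusive_hosts_invalid()
            self.__abusive_hosts_root = self.get_abusive_hosts_root()
            self.__abusive_hosts_restricted = self.get_abusive_hosts_restricted()
            self.__new_suspicious_logins = Counter()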
Ejemplo n.º 4
    def __init__(self, prefs, allowed_hosts, suspicious_always=1,
                 first_time=0, fetch_all=1, restricted=None):
        """Read thresholds and age-reset values, then load saved counters.

        ``restricted`` defaults to a new empty set. The counter attributes
        are only created when ``fetch_all`` is true.
        """
        self.__restricted = set() if restricted is None else restricted

        pref = prefs.get
        self.__work_dir = pref('WORK_DIR')

        # Failure counts at which a host is denied, one per login category.
        # Values are kept exactly as the preferences object returns them.
        self.__deny_threshold_invalid = pref('DENY_THRESHOLD_INVALID')
        self.__deny_threshold_valid = pref('DENY_THRESHOLD_VALID')
        self.__deny_threshold_root = pref('DENY_THRESHOLD_ROOT')
        self.__deny_threshold_restricted = pref('DENY_THRESHOLD_RESTRICTED')

        # Age-reset settings for the same four categories.
        self.__age_reset_invalid = pref('AGE_RESET_INVALID')
        self.__age_reset_valid = pref('AGE_RESET_VALID')
        self.__age_reset_root = pref('AGE_RESET_ROOT')
        self.__age_reset_restricted = pref('AGE_RESET_RESTRICTED')

        self.__reset_on_success = is_true(pref('RESET_ON_SUCCESS'))

        self.__first_time = first_time
        self.__suspicious_always = suspicious_always
        self.__allowed_hosts = allowed_hosts

        if not fetch_all:
            return

        # Saved state, loaded in a fixed order; the counter of new suspicious
        # logins starts empty.
        self.__suspicious_logins = self.get_suspicious_logins()
        self.__valid_users = self.get_abused_users_valid()
        self.__invalid_users = self.get_abused_users_invalid()
        self.__valid_users_and_hosts = self.get_abused_users_and_hosts()
        self.__abusive_hosts_valid = self.get_abusive_hosts_valid()
        self.__abusive_hosts_invalid = self.get_abusive_hosts_invalid()
        self.__abusive_hosts_root = self.get_abusive_hosts_root()
        self.__abusive_hosts_restricted = self.get_abusive_hosts_restricted()
        self.__new_suspicious_logins = Counter()
Ejemplo n.º 5
 def __init__(self, hostname_lookup, use_syslog=False):
     """Start with an empty report and decide whether syslog is used.

     Syslog output is enabled only when it was requested and HAS_SYSLOG is
     true. A request that cannot be honoured produces a warning, after which
     the report carries on without syslog.
     """
     self.report = ""
     effective = use_syslog and HAS_SYSLOG
     if use_syslog and not effective:
         # Requested but unavailable: the operator gets a warning only, so
         # alerting that relies on syslog entries will see nothing.
         warn("syslog is unavailable on this platform")
     self.use_syslog = effective
     if effective:
         syslog.openlog("denyhosts")
     self.hostname_lookup = is_true(hostname_lookup)
Ejemplo n.º 6
 def __init__(self, hostname_lookup, use_syslog=False):
     """Create an empty report and configure optional syslog output.

     hostname_lookup: passed through ``is_true()`` and stored.
     use_syslog: request for syslog output; honoured only if HAS_SYSLOG.
     """
     self.report = ""

     if use_syslog:
         if not HAS_SYSLOG:
             # The request is dropped after this warning; nothing is raised.
             warn("syslog is unavailable on this platform")

     self.use_syslog = use_syslog and HAS_SYSLOG
     if self.use_syslog:
         # "denyhosts" is the ident passed to openlog() for later messages.
         syslog.openlog("denyhosts")

     self.hostname_lookup = is_true(hostname_lookup)
Ejemplo n.º 7
 def __init__(self, prefs):
     """Locate the allowed-hosts files under WORK_DIR and load them.

     Sets up empty containers for allowed, warned and newly warned hosts,
     then calls ``load_hosts()`` and ``load_warned_hosts()``.
     """
     debug("initializing AllowedHosts")

     base_dir = prefs.get("WORK_DIR")
     self.hostname_lookup = is_true(prefs.get("ALLOWED_HOSTS_HOSTNAME_LOOKUP"))

     # Both files live directly in WORK_DIR.
     # NOTE(review): entries here presumably exempt hosts from blocking, so
     # confirm the directory is writable only by the account running this.
     join = os.path.join
     self.allowed_path = join(base_dir, ALLOWED_HOSTS)
     self.warned_path = join(base_dir, ALLOWED_WARNED_HOSTS)

     self.allowed_hosts = {}
     self.warned_hosts = {}
     self.new_warned_hosts = []

     # Fill the containers from disk, allowed hosts first.
     self.load_hosts()
     self.load_warned_hosts()

     debug("done initializing AllowedHosts")
Ejemplo n.º 8
            elif logfile.endswith(".bz2"):
                if HAS_BZ2: fp = bz2.BZ2File(logfile, "r")
                else:       raise Exception, "Can not open bzip2 file (missing bz2 module)"
            else:
                fp = open(logfile, "r")
        except Exception, e:
            print "Could not open log file: %s" % logfile
            print e
            return -1

        try:
            fp.seek(offset)
        except IOError:
            pass

        suspicious_always = is_true(self.__prefs.get('SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS'))

        login_attempt = LoginAttempt(self.__prefs,
                                     self.__allowed_hosts,
                                     suspicious_always,
                                     self.__first_time,
                                     1, # fetch all
                                     self.__restricted)

        for line in fp:
            success = invalid = 0
            sshd_m = self.__sshd_format_regex.match(line)
            if not sshd_m: continue
            message = sshd_m.group('message')

            m = None
Ejemplo n.º 9
                if HAS_BZ2: fp = bz2.BZ2File(logfile, "r")
                else:
                    raise Exception, "Can not open bzip2 file (missing bz2 module)"
            else:
                fp = open(logfile, "r")
        except Exception, e:
            print "Could not open log file: %s" % logfile
            print e
            return -1

        try:
            fp.seek(offset)
        except IOError:
            pass

        suspicious_always = is_true(
            self.__prefs.get('SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS'))

        login_attempt = LoginAttempt(
            self.__prefs,
            self.__allowed_hosts,
            suspicious_always,
            self.__first_time,
            1,  # fetch all
            self.__restricted)

        for line in fp:
            success = invalid = 0
            m = None
            sshd_m = self.__sshd_format_regex.match(line)
            if sshd_m:
                message = sshd_m.group('message')