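def __init__(self, logfile, prefs, lock_file,
             ignore_offset=0, first_time=0,
             noemail=0, daemon=0):
    """Record the run options and open the tracker for ``logfile``.

    Args:
        logfile: Path of the log to process; passed to ``FileTracker``
            and quoted in the error message if it cannot be read.
        prefs: Preferences object, read here with ``get()`` and by index.
        lock_file: Object whose ``remove()`` is called before aborting.
        ignore_offset: Not read in the part of the method shown here.
        first_time: Stored unchanged.
        noemail: Stored unchanged.
        daemon: Stored unchanged.
    """
    self.__denied_hosts = {}
    self.__prefs = prefs
    self.__lock_file = lock_file
    self.__first_time = first_time
    self.__noemail = noemail
    # NOTE(review): SYSLOG_REPORT is read by index while every other key
    # goes through get(); confirm the prefs object always defines it.
    self.__report = Report(prefs.get("HOSTNAME_LOOKUP"),
                           is_true(prefs['SYSLOG_REPORT']))
    self.__daemon = daemon
    self.__sync_server = prefs.get('SYNC_SERVER')
    self.__sync_upload = is_true(prefs.get("SYNC_UPLOAD"))
    self.__sync_download = is_true(prefs.get("SYNC_DOWNLOAD"))

    r = Restricted(prefs)
    self.__restricted = r.get_restricted()
    # The restricted set is written to the log at info level.
    info("restricted: %s", self.__restricted)
    self.init_regex()

    try:
        self.file_tracker = FileTracker(self.__prefs.get('WORK_DIR'),
                                        logfile)
    except Exception as e:
        # "as" replaces the comma form, which Python 3 rejects; it parses
        # on Python 2.6+ as well. The lock is removed before die() is
        # called, presumably so a failed start leaves no stale lock.
        self.__lock_file.remove()
        die("Can't read: %s" % logfile, e)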
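def __init__(self, prefs, allowed_hosts, suspicious_always=1,
             first_time=0, fetch_all=1, restricted=None):
    """Load thresholds from ``prefs`` and, optionally, the saved counters.

    Args:
        prefs: Preferences object queried with ``get()``.
        allowed_hosts: Stored unchanged.
        suspicious_always: Stored unchanged.
        first_time: Stored unchanged.
        fetch_all: When true, each counter is filled from the matching
            ``get_*`` method of this object.
        restricted: Restricted set; a fresh empty ``set`` is created
            per instance when omitted.
    """
    # Identity test: "== None" would defer to the argument's __eq__.
    if restricted is None:
        restricted = set()
    self.__restricted = restricted
    self.__work_dir = prefs.get('WORK_DIR')

    # NOTE(review): thresholds and reset ages are stored exactly as
    # prefs.get() returns them; no type or range check happens in this
    # method. Confirm they are validated where the prefs are loaded.
    self.__deny_threshold_invalid = prefs.get('DENY_THRESHOLD_INVALID')
    self.__deny_threshold_valid = prefs.get('DENY_THRESHOLD_VALID')
    self.__deny_threshold_root = prefs.get('DENY_THRESHOLD_ROOT')
    self.__deny_threshold_restricted = prefs.get('DENY_THRESHOLD_RESTRICTED')
    self.__age_reset_invalid = prefs.get('AGE_RESET_INVALID')
    self.__age_reset_valid = prefs.get('AGE_RESET_VALID')
    self.__age_reset_root = prefs.get('AGE_RESET_ROOT')
    self.__age_reset_restricted = prefs.get('AGE_RESET_RESTRICTED')
    self.__reset_on_success = is_true(prefs.get('RESET_ON_SUCCESS'))

    self.__first_time = first_time
    self.__suspicious_always = suspicious_always
    self.__allowed_hosts = allowed_hosts

    if fetch_all:
        self.__suspicious_logins = self.get_suspicious_logins()
        self.__valid_users = self.get_abused_users_valid()
        self.__invalid_users = self.get_abused_users_invalid()
        self.__valid_users_and_hosts = self.get_abused_users_and_hosts()
        self.__abusive_hosts_valid = self.get_abusive_hosts_valid()
        self.__abusive_hosts_invalid = self.get_abusive_hosts_invalid()
        self.__abusive_hosts_root = self.get_abusive_hosts_root()
        self.__abusive_hosts_restricted = self.get_abusive_hosts_restricted()
        # NOTE(review): the one-line listing does not show whether this
        # last assignment belongs to the fetch_all branch; it is kept
        # inside here. Confirm against the upstream file.
        self.__new_suspicious_logins = Counter()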
def __init__(self, prefs, allowed_hosts, suspicious_always=1,
             first_time=0, fetch_all=1, restricted=None):
    """Set up thresholds, reset ages and, on request, the stored counters.

    ``restricted`` defaults to a new empty ``set`` for each instance.
    ``allowed_hosts``, ``suspicious_always`` and ``first_time`` are kept
    as passed in. When ``fetch_all`` is true the per-category counters
    are filled from this object's own ``get_*`` methods.
    """
    self.__restricted = set() if restricted is None else restricted

    lookup = prefs.get
    self.__work_dir = lookup('WORK_DIR')

    # Per-category thresholds, stored as returned by the prefs object.
    self.__deny_threshold_invalid = lookup('DENY_THRESHOLD_INVALID')
    self.__deny_threshold_valid = lookup('DENY_THRESHOLD_VALID')
    self.__deny_threshold_root = lookup('DENY_THRESHOLD_ROOT')
    self.__deny_threshold_restricted = lookup('DENY_THRESHOLD_RESTRICTED')

    # Per-category reset ages, likewise stored without conversion.
    self.__age_reset_invalid = lookup('AGE_RESET_INVALID')
    self.__age_reset_valid = lookup('AGE_RESET_VALID')
    self.__age_reset_root = lookup('AGE_RESET_ROOT')
    self.__age_reset_restricted = lookup('AGE_RESET_RESTRICTED')

    self.__reset_on_success = is_true(lookup('RESET_ON_SUCCESS'))

    self.__first_time = first_time
    self.__suspicious_always = suspicious_always
    self.__allowed_hosts = allowed_hosts

    if fetch_all:
        self.__suspicious_logins = self.get_suspicious_logins()

        # Counters keyed by user.
        self.__valid_users = self.get_abused_users_valid()
        self.__invalid_users = self.get_abused_users_invalid()
        self.__valid_users_and_hosts = self.get_abused_users_and_hosts()

        # Counters keyed by host.
        self.__abusive_hosts_valid = self.get_abusive_hosts_valid()
        self.__abusive_hosts_invalid = self.get_abusive_hosts_invalid()
        self.__abusive_hosts_root = self.get_abusive_hosts_root()
        self.__abusive_hosts_restricted = self.get_abusive_hosts_restricted()

        # NOTE(review): the collapsed listing leaves it open whether this
        # assignment is part of the fetch_all branch; it is treated as
        # such here. Verify against the upstream file.
        self.__new_suspicious_logins = Counter()
def __init__(self, hostname_lookup, use_syslog=False):
    """Start with an empty report and decide whether syslog is used.

    Args:
        hostname_lookup: Setting passed through ``is_true``.
        use_syslog: Request for syslog output; honoured only when
            ``HAS_SYSLOG`` is also true.
    """
    self.report = ""

    if use_syslog:
        if not HAS_SYSLOG:
            # The request is dropped with a warning rather than an error.
            warn("syslog is unavailable on this platform")

    self.use_syslog = use_syslog and HAS_SYSLOG
    if self.use_syslog:
        # Open the log under the "denyhosts" ident.
        syslog.openlog("denyhosts")

    self.hostname_lookup = is_true(hostname_lookup)
def __init__(self, prefs):
    """Resolve the allowed/warned host file paths and load both lists.

    Args:
        prefs: Preferences object; ``WORK_DIR`` and
            ``ALLOWED_HOSTS_HOSTNAME_LOOKUP`` are read with ``get()``.
    """
    debug("initializing AllowedHosts")

    base_dir = prefs.get("WORK_DIR")
    self.hostname_lookup = is_true(
        prefs.get("ALLOWED_HOSTS_HOSTNAME_LOOKUP"))

    # Both files are looked up directly under WORK_DIR.
    # NOTE(review): these presumably list hosts exempt from blocking, so
    # write access to WORK_DIR would be security-relevant; confirm.
    self.allowed_path = os.path.join(base_dir, ALLOWED_HOSTS)
    self.warned_path = os.path.join(base_dir, ALLOWED_WARNED_HOSTS)

    # Containers start empty, before the two load calls below run.
    self.allowed_hosts, self.warned_hosts = {}, {}
    self.new_warned_hosts = list()

    self.load_hosts()
    self.load_warned_hosts()

    debug("done initializing AllowedHosts")
elif logfile.endswith(".bz2"): if HAS_BZ2: fp = bz2.BZ2File(logfile, "r") else: raise Exception, "Can not open bzip2 file (missing bz2 module)" else: fp = open(logfile, "r") except Exception, e: print "Could not open log file: %s" % logfile print e return -1 try: fp.seek(offset) except IOError: pass suspicious_always = is_true(self.__prefs.get('SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS')) login_attempt = LoginAttempt(self.__prefs, self.__allowed_hosts, suspicious_always, self.__first_time, 1, # fetch all self.__restricted) for line in fp: success = invalid = 0 sshd_m = self.__sshd_format_regex.match(line) if not sshd_m: continue message = sshd_m.group('message') m = None
if HAS_BZ2: fp = bz2.BZ2File(logfile, "r") else: raise Exception, "Can not open bzip2 file (missing bz2 module)" else: fp = open(logfile, "r") except Exception, e: print "Could not open log file: %s" % logfile print e return -1 try: fp.seek(offset) except IOError: pass suspicious_always = is_true( self.__prefs.get('SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS')) login_attempt = LoginAttempt( self.__prefs, self.__allowed_hosts, suspicious_always, self.__first_time, 1, # fetch all self.__restricted) for line in fp: success = invalid = 0 m = None sshd_m = self.__sshd_format_regex.match(line) if sshd_m: message = sshd_m.group('message')