def parse(string, rule_list):
if string_utils.is_blank(string) or not rule_list:
return None
string = string.strip()
for rule in rule_list:
rule_type = rule.get('type').strip() if rule.has_key('type') else ''
rule_type = 'regex' if rule_type == '' else rule_type
pattern = rule.get('pattern') if rule.has_key('pattern') else ''
if rule_type == 'regex':
if regex_utils.check_line(pattern, string):
value_list = regex_utils.parse_line(pattern, string)
map_index = __build_map_index(rule)
return __map_with_index(value_list, map_index)
elif rule_type == 'split':
match = rule.get('match') if rule.has_key('match') else ''
if __is_match(match, string):
value_list = string.split(pattern)
map_index = __build_map_index(rule)
return __map_with_index(value_list, map_index)
elif rule_type == 'keyword':
match = rule.get('match') if rule.has_key('match') else ''
if __is_match(match, string):
map_index = __build_map_index(rule)
return __map_with_keyword(string, map_index.values())
return None
def parse(string, rule_list):
if string_utils.is_blank(string) or not rule_list:
return None
string = string.strip()
for rule in rule_list:
rule_type = rule.get('type').strip() if rule.has_key('type') else ''
rule_type = 'regex' if rule_type == '' else rule_type
pattern = rule.get('pattern') if rule.has_key('pattern') else ''
if rule_type == 'regex':
if regex_utils.check_line(pattern, string):
value_list = regex_utils.parse_line(pattern, string)
map_index = __build_map_index(rule)
return __map_with_index(value_list, map_index)
elif rule_type == 'split':
match = rule.get('match') if rule.has_key('match') else ''
if __is_match(match, string):
value_list = string.split(pattern)
map_index = __build_map_index(rule)
return __map_with_index(value_list, map_index)
elif rule_type == 'keyword':
match = rule.get('match') if rule.has_key('match') else ''
if __is_match(match, string):
map_index = __build_map_index(rule)
return __map_with_keyword(string, map_index.values())
return None
def __match(line_num, line_text, model, pattern):
if str_utils.is_blank(line_text):
return False
if str_utils.is_blank(pattern):
return True
patterns = []
if type(pattern) == types.ListType:
patterns = pattern
elif type(pattern) == types.FunctionType:
patterns = [pattern]
else:
patterns = [str(pattern)]
if str_utils.is_empty(model):
model = "s"
model = model.lower()
for match_pattern in patterns:
if model == "s":
if match_pattern in line_text:
return True
elif model == "n":
_min, _max = __split_region(match_pattern)
if line_num >= _min and line_num <= _max:
return True
elif model == "e":
if regex_utils.check_line(match_pattern, line_text):
return True
elif model == "a":
if type(pattern) == types.FunctionType:
if pattern(line_text):
return True
return False
def __match(line_num, line_text, model, pattern):
if str_utils.is_blank(line_text):
return False
if str_utils.is_blank(pattern):
return True
patterns = []
if type(pattern) == types.ListType:
patterns = pattern
elif type(pattern) == types.FunctionType:
patterns = [pattern]
else:
patterns = [str(pattern)]
if str_utils.is_empty(model):
model = 's'
model = model.lower()
for match_pattern in patterns:
if model == 's':
if match_pattern in line_text:
return True
elif model == 'n':
_min, _max = __split_region(match_pattern)
if line_num >= _min and line_num <= _max:
return True
elif model == 'e':
if regex_utils.check_line(match_pattern, line_text):
return True
elif model == 'a':
if type(pattern) == types.FunctionType:
if pattern(line_text):
return True
return False
def write_file(filename, text, encoding = 'utf-8', end_of_line = '\n'):
if string_utils.is_blank(filename):
raise IOError('filename is None')
try:
text_file = codecs.open(filename, 'w', encoding)
if isinstance(text, list):
for line in text:
text_file.write(line + end_of_line)
elif isinstance(text, basestring):
text_file.write(text)
text_file.close()
except IOError:
pass
def read_file(filename, tail= 'all', encoding = 'utf-8', strip = False):
if string_utils.is_blank(filename):
raise IOError('filename is None')
text = []
try:
text_file = codecs.open(filename, 'r', encoding)
text = [line.strip() if strip else line for line in text_file.readlines()]
if tail and tail != 'all':
if string_utils.is_numeric(tail):
_tail = int(tail)
_size = len(text)
if _tail < _size:
text = text[_size - _tail : _size]
text_file.close()
except IOError:
text = None
return text
def group(text, rule_list):
if string_utils.is_blank(text) or not rule_list:
return None
group_value = {}
for rule_item in rule_list:
name = rule_item.get('name') if rule_item.has_key('name') else 'NONE'
patterns = rule_item.get('pattern') if rule_item.has_key('pattern') else []
if type(patterns) == types.StringType:
patterns = [patterns]
for line in text:
for pattern in patterns:
if regex_utils.check_line(pattern, line):
group_items = group_value.get(name) if group_value.has_key(name) else []
group_items.append(line)
group_value[name] = group_items
return group_value
def group(text, rule_list):
if string_utils.is_blank(text) or not rule_list:
return None
group_value = {}
for rule_item in rule_list:
name = rule_item.get('name') if rule_item.has_key('name') else 'NONE'
patterns = rule_item.get('pattern') if rule_item.has_key(
'pattern') else []
if type(patterns) == types.StringType:
patterns = [patterns]
for line in text:
for pattern in patterns:
if regex_utils.check_line(pattern, line):
group_items = group_value.get(name) if group_value.has_key(
name) else []
group_items.append(line)
group_value[name] = group_items
return group_value
def main():
parser = argparse.ArgumentParser(description='See README')
parser.add_argument('-c', '--count', default=1, type=int,
help='with how many failure times it should be considered as an attack')
parser.add_argument('-lf', '--logfile', default='', type=str, help='log file')
parser.add_argument('-ex', '--exclude', default='', type=str, help='exclude ip')
parser.add_argument('-redis_host', '--redis_host', default='', type=str, help='redis host')
parser.add_argument('-redis_port', '--redis_port', default='', type=str, help='redis port')
parser.add_argument('-redis_pwd', '--redis_pwd', default='', type=str, help='redis password')
config = parser.parse_args()
redis_client = get_redis_client(config.redis_host, config.redis_port, config.redis_pwd)
log.info(config.logfile)
log.info('file exist %s' % str(os.path.isfile(config.logfile)))
file = open(config.logfile, "r")
while 1:
try:
line = file.readline()
except Exception, e5:
if file is not None:
try:
file.close()
except:
pass
file = open(config.logfile, "r")
log.info(e5)
log.info(traceback.format_exc())
pass
try:
log.info(line)
if not string_utils.is_blank(line):
if line.find('can not parse header when') >= 0:
ip = str(line.split()[-1].split(':')[0]).strip()
if config.exclude != ip:
if not string_utils.is_blank(ip):
if get_value(redis_client, ip) is None:
set_value(redis_client, ip, 1)
cmd = 'sudo iptables -A INPUT -s %s -j DROP' % ip
log.info(cmd)
os.system(cmd)
else:
log.info('ip in the cache')
else:
log.info('ip is blank')
else:
log.info('exclude ip')
else:
log.info('line is blank')
time.sleep(2)
except Exception, e:
log.info(e)
log.info(traceback.format_exc())
pass
