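def process_tty_loginfail(strInfo):
    """Parse a failed console (tty) login line and report it as a LOCAL login failure.

    Example lines (carried over from the original notes; the first, pam_unix
    form is NOT matched by this parser and ends up as a parse failure):
      Jun 23 06:35:13 localhost login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost= user=root   (kylin)
      Jul 10 03:48:20 localhost login: FAILED LOGIN 2 FROM (null) FOR root, Authentication failure
      Jul 10 04:12:43 localhost login: FAILED LOGIN 2 FROM (null) FOR reeewt, User not known to the underlying authentication module
      Jan 31 03:31:43 nari-desktop login[32569]: FAILED LOGIN (1) on '/dev/tty2' FOR 'nari', Authentication failure   (ubuntu 10)
      Feb  1 21:57:37 debian login[1589]: FAILED LOGIN (1) on '/dev/tty3' FOR 'root', Authentication failure   (debian 6.0)

    Args:
        strInfo: one raw syslog line emitted by login(1).

    Side effects:
        Logs the parsed user name and sends a LOCAL login-failure message
        through pf_oper. When no user name can be extracted an error is
        logged and nothing is sent.
    """
    tokens = strInfo.split(' ')
    usrname = ''

    # Both layouts are "LOGIN <x> <kw> <y> FOR <user>": the user name sits five
    # tokens after the 'LOGIN' keyword. The scan is bounded so a short or
    # truncated line cannot raise IndexError on tokens[i + 5].
    if os_version["type"] == "debian":
        for i in range(len(tokens) - 5):
            if tokens[i] == 'LOGIN' and tokens[i + 2] == 'on' and tokens[i + 4] == 'FOR':
                # debian/ubuntu quote the name and end it with a comma: 'nari',
                usrname = tokens[i + 5].rstrip(',').strip('\'')
                break
    else:
        for i in range(len(tokens) - 5):
            if tokens[i] == 'LOGIN' and tokens[i + 2] == 'FROM' and tokens[i + 4] == 'FOR':
                # redhat-style lines are unquoted: root,
                usrname = tokens[i + 5].rstrip(',')
                break

    if usrname == '':
        PrntLog.error('Failed process_tty_loginfail! strInfo= %s' % strInfo)
        return

    linkInfo = {}
    linkInfo['USER_NAME'] = usrname
    linkInfo['time'] = get_cuurent_time()
    linkInfo['LOCAL_IP'] = get_host_ip()
    PrntLog.info('tty login failed! usrname= %s ' % usrname)

    # Send the tty login-failure message.
    strMsg = MsgWrap(linkInfo).Msg_LOCAL_LogFail_Data()
    pf_oper.sendmsg(strMsg)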
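def report_session_loginfail(usrname, rhost):
    """Report a failed desktop-session (display-manager) login.

    Args:
        usrname: user name taken from the session/PAM log entry.
        rhost: remote host of the session, or '' for a local console session.

    Side effects:
        Sends a LOCAL login-failure message when rhost is empty; otherwise
        looks up the connection in netstat, sends an X11 login-failure
        message and records the attempt with proc_failed_login().
    """
    # Local import: the file's import block is not within view of this edit.
    import subprocess

    linkInfo = {}
    linkInfo['USER_NAME'] = usrname
    linkInfo['time'] = get_cuurent_time()
    linkInfo['LOCAL_IP'] = get_host_ip()
    PrntLog.info('session login fail. usrname=%s rhost=%s' % (usrname, rhost))

    if rhost == '':
        # Local session: no remote endpoint to resolve.
        strMsg = MsgWrap(linkInfo).Msg_LOCAL_LogFail_Data()
        pf_oper.sendmsg(strMsg)
        return

    # Process-name substring to look for in netstat's PID/Program column;
    # depends on which display manager the distribution ships.
    keystr = '-session'
    if os_version["type"] == "redhat":
        if os_version["version"] == 5:
            keystr = 'gdm-binary'
        elif os_version["name"] == 'centos' and os_version["version"] == 7:
            keystr = 'lightdm-gtk'
        elif os_version["name"] == 'redhat' and os_version["version"] == 7:
            keystr = 'lightdm'

    linkInfo['CLIENT_IP'] = rhost

    # SECURITY: rhost originates from the auth log (remote-controlled data),
    # so it must never be interpolated into a shell command line. Run netstat
    # without a shell and do the former grep/head/awk filtering in Python.
    try:
        proc = subprocess.Popen(
            ['/usr/local/sagent-3000-ns/netstat', '-ntp'],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
            universal_newlines=True)
        netstat_out = proc.communicate()[0]
    except OSError as exc:
        PrntLog.error('report_session_loginfail: netstat failed: %s' % exc)
        netstat_out = ''

    # First line that mentions both the display-manager process and "rhost:".
    fields = []
    needle = rhost + ':'
    for line in netstat_out.splitlines():
        if keystr in line and needle in line:
            fields = line.split()
            break

    # netstat -ntp columns (1-based, as awk saw them): $4 local address,
    # $5 foreign address; each is "addr:port" and we keep the port.
    foreign_addr = fields[4] if len(fields) > 4 else ''
    local_addr = fields[3] if len(fields) > 3 else ''
    linkInfo['CLIENT_PORT'] = foreign_addr.split(':')[-1]
    localPort = local_addr.split(':')[-1]

    # Send the x11 login-failure message.
    strMsg = MsgWrap(linkInfo).Msg_X11_LogFail_Data()
    proc_failed_login(rhost, usrname, time.time(), localPort)
    pf_oper.sendmsg(strMsg)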
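def process_ssh_loginfail(strInfo):
    """Parse a failed sshd password line and report an SSH login failure.

    Example lines:
      Jun 16 09:10:43 localhost sshd[19679]: Failed password for test from 172.16.140.151 port 53307 ssh2
      Jun 27 05:46:38 localhost sshd[8715]: Failed password for invalid user 234 from 172.16.140.151 port 57583 ssh2

    Args:
        strInfo: one raw sshd syslog line.

    Side effects:
        Looks up the local port of the connection via netstat, records the
        attempt with proc_failed_login(), sends an SSH login-failure message
        through pf_oper and logs the result. Lines that cannot be parsed are
        logged as errors and dropped.
    """
    # Local import: the file's import block is not within view of this edit.
    import subprocess

    if strInfo.find('from') < 0:
        PrntLog.error('Failed process_ssh_loginfail: %s' % strInfo)
        return

    tokens = strInfo.split(' ')
    usrname, clientIp, clientPort = '', '', ''

    # Scan from the right: sshd appends "from <ip> port <port> ssh2" at the
    # end of the line, while the user name (chosen by the remote party, and
    # logged verbatim for "invalid user") may itself contain the word "from".
    # The bounds guarantee tokens[i - 1] and tokens[i + 3] both exist.
    for i in range(len(tokens) - 4, 0, -1):
        if tokens[i] == 'from':
            usrname = tokens[i - 1]
            clientIp = tokens[i + 1]
            clientPort = tokens[i + 3]
            break

    if clientIp == '' or clientPort == '':
        PrntLog.error('Failed process_ssh_loginfail: %s' % strInfo)
        return

    linkInfo = {}
    linkInfo['USER_NAME'] = usrname
    linkInfo['CLIENT_IP'] = clientIp
    linkInfo['CLIENT_PORT'] = clientPort
    linkInfo['LOCAL_IP'] = get_host_ip()
    linkInfo['time'] = get_cuurent_time()

    # SECURITY: clientIp/clientPort are parsed out of a log line whose
    # contents are partly attacker-controlled; never hand them to a shell.
    # Run netstat without a shell and filter in Python.
    try:
        proc = subprocess.Popen(
            ['/usr/local/sagent-3000-ns/netstat', '-tpn'],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
            universal_newlines=True)
        netstat_out = proc.communicate()[0]
    except OSError as exc:
        PrntLog.error('process_ssh_loginfail: netstat failed: %s' % exc)
        netstat_out = ''

    # First line containing "ip:port"; column 4 (1-based) is the local
    # address "addr:port", of which we keep the port.
    localPort = ''
    needle = clientIp + ':' + clientPort
    for line in netstat_out.splitlines():
        if needle in line:
            fields = line.split()
            if len(fields) > 3:
                localPort = fields[3].split(':')[-1]
            break

    proc_failed_login(clientIp, usrname, time.time(), localPort)

    # Send the login-failure message.
    strMsg = MsgWrap(linkInfo).Msg_SSH_LogFail_Data()
    pf_oper.sendmsg(strMsg)
    PrntLog.info('SSH login failed! usrname=%s clientIp=%s clientPort=%s ' % (usrname, clientIp, clientPort))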
def Msg_LOCAL_Loginout_Data(self):
    """Build the LOCAL logout message (msgType 0x0F).

    Packed little-endian as: B msgType, 4s LOCAL_IP (via covert_ipaddr),
    Q login time, Q logout time (now), 32s USER_NAME. Both timestamps are
    get_cuurent_time()-style strings with '_' removed and the last three
    characters dropped, converted to int (presumably a fractional-seconds
    suffix -- TODO confirm against get_cuurent_time). The packed message is
    logged through PrtMsg and returned.
    """
    def as_stamp(text):
        return int(text.replace('_', '')[:-3])

    info = self.LinkInfo
    packed = struct.pack(
        '<B4sQQ32s',
        0x0F,
        covert_ipaddr(info['LOCAL_IP']),
        as_stamp(info['time']),
        as_stamp(get_cuurent_time()),
        info['USER_NAME'],
    )
    PrntLog.info(PrtMsg(packed))
    return packed
def Msg_X11_Loginout_Data(self):
    """Build the X11 logout message (msgType 0x0B).

    Layout: B msgType, 18s link identity (4s CLIENT_IP, H CLIENT_PORT,
    4s LOCAL_IP, Q login time), Q logout time (now). Timestamps are the
    time strings with '_' stripped and the trailing three characters
    dropped, as an int. The message is logged through PrtMsg and returned.
    """
    def as_stamp(text):
        return int(text.replace('_', '')[:-3])

    info = self.LinkInfo
    link_id = struct.pack(
        '<4sH4sQ',
        covert_ipaddr(info['CLIENT_IP']),
        int(info['CLIENT_PORT']),
        covert_ipaddr(info['LOCAL_IP']),
        as_stamp(info['time']),
    )
    packed = struct.pack('<B18sQ', 0x0B, link_id, as_stamp(get_cuurent_time()))
    PrntLog.info(PrtMsg(packed))
    return packed
def Msg_SSH_Echo_DATA(self, strLine):
    """Build an SSH echo (terminal output) message, msgType 0x03.

    Layout: B msgType, 18s SSH link identity (4s CLIENT_IP, H CLIENT_PORT,
    4s LOCAL_IP, Q login time), Q echo time (now), I len(strLine), then
    strLine itself. Only a short marker is logged, never the payload; the
    packed bytes are returned.
    """
    def as_stamp(text):
        return int(text.replace('_', '')[:-3])

    info = self.LinkInfo
    link_id = struct.pack(
        '<4sH4sQ',
        covert_ipaddr(info['CLIENT_IP']),
        int(info['CLIENT_PORT']),
        covert_ipaddr(info['LOCAL_IP']),
        as_stamp(info['time']),
    )
    payload_len = len(strLine)
    packed = struct.pack(
        '<B18sQI%ds' % payload_len,
        0x03,
        link_id,
        as_stamp(get_cuurent_time()),
        payload_len,
        strLine,
    )
    PrntLog.info('send Msg_SSH_Echo_DATA')
    return packed
def process_x11_login(usrname, x11Link):
    """Register a new X11 (remote display) login and announce it.

    Copies CLIENT_IP, CLIENT_PORT, LOCAL_IP and PID_NUM from x11Link into a
    new link record tagged LOGIN_TYPE 'x11', stamps it with the user name
    and the current time, appends it to the module-level gLinkList and
    sends an X11 login message through pf_oper.

    Args:
        usrname: the user that logged in.
        x11Link: dict describing the connection; must carry the four keys above.
    """
    global gLinkList

    record = {'LOGIN_TYPE': 'x11'}
    for key in ('CLIENT_IP', 'CLIENT_PORT', 'LOCAL_IP', 'PID_NUM'):
        record[key] = x11Link[key]
    record['USER_NAME'] = usrname
    record['time'] = get_cuurent_time()

    gLinkList.append(record)
    PrntLog.info('Add x11 Login : %s' % record)

    # Announce the x11 login.
    pf_oper.sendmsg(MsgWrap(record).Msg_X11_Login_Data())
def Msg_LOCAL_Echo_DATA(self, strLine):
    """Build a LOCAL (console) echo message, msgType 0x0E.

    Layout: B msgType, 12s local link (4s LOCAL_IP, Q login time),
    32s tty name (covert_tty of self.itemDict['TTY']), Q echo time (now),
    32s USER_NAME, I len(strLine), then strLine. Only a short marker is
    logged, never the payload; the packed bytes are returned.
    """
    def as_stamp(text):
        return int(text.replace('_', '')[:-3])

    info = self.LinkInfo
    link_id = struct.pack(
        '<4sQ',
        covert_ipaddr(info['LOCAL_IP']),
        as_stamp(info['time']),
    )
    payload_len = len(strLine)
    packed = struct.pack(
        '<B12s32sQ32sI%ds' % payload_len,
        0x0E,
        link_id,
        covert_tty(self.itemDict['TTY']),
        as_stamp(get_cuurent_time()),
        info['USER_NAME'],
        payload_len,
        strLine,
    )
    PrntLog.info('send Msg_LOCAL_Echo_DATA')
    return packed
def Msg_StopLink_Res_DATA(self):
    """Build the stop-link response for an ssh (0x08) or x11 (0x1b) link.

    Layout: B msgType, 32s ID, 4s CLIENT_IP, H CLIENT_PORT, 4s LOCAL_IP,
    Q login time, Q current time. For any other LOGIN_TYPE an error is
    logged and None is returned, so callers must be prepared for that.
    """
    type_codes = {'ssh': 0x08, 'x11': 0x1b}
    info = self.LinkInfo
    kind = info['LOGIN_TYPE']
    if kind not in type_codes:
        PrntLog.error('Failed Msg_StopLink_Res_DATA: %s' % kind)
        return None

    def as_stamp(text):
        return int(text.replace('_', '')[:-3])

    packed = struct.pack(
        '<B32s4sH4sQQ',
        type_codes[kind],
        info['ID'],
        covert_ipaddr(info['CLIENT_IP']),
        int(info['CLIENT_PORT']),
        covert_ipaddr(info['LOCAL_IP']),
        as_stamp(info['time']),
        as_stamp(get_cuurent_time()),
    )
    PrntLog.info(PrtMsg(packed))
    return packed
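def process_session_console_login(usrname):
    """Record and report a local (display-manager console) login.

    Appends a link record (LOGIN_TYPE 'local', LOCAL_TYPE 'gdm') to the
    module-level gLinkList and sends a LOCAL login message via pf_oper.

    Args:
        usrname: the user that logged in.

    Returns:
        True when the record was added and the message sent; False when
        the local IP could not be determined (nothing is recorded or sent
        in that case). The original returned None on success, which made
        the result indistinguishable from a falsy failure for callers.
    """
    global gLinkList

    linkInfo = {}
    linkInfo['LOGIN_TYPE'] = 'local'
    linkInfo['LOCAL_TYPE'] = 'gdm'
    linkInfo['USER_NAME'] = usrname
    linkInfo['time'] = get_cuurent_time()
    linkInfo['LOCAL_IP'] = get_host_ip()
    if not linkInfo['LOCAL_IP']:
        PrntLog.error('Failed: get_host_ip. %s ' % usrname)
        return False

    gLinkList.append(linkInfo)
    PrntLog.info('Add local session :%s' % linkInfo)

    # Send the local login message.
    strMsg = MsgWrap(linkInfo).Msg_LOCAL_Login_Data()
    pf_oper.sendmsg(strMsg)
    PrntLog.info('local session login : usrname =%s localip=%s' % (usrname, linkInfo['LOCAL_IP']))
    return True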