hgfre 发表于 2016-11-18 12:40:31

Python 统计通过暴力破解尝试登录本机的 IP 和次数

1、需要以 root 用户执行(脚本要读取 /var/log/secure)
2、会在脚本所在目录生成 hosts.deny 文件,里面记录一周内登录失败达到 50 次的 IP;注意这个文件不是 /etc/hosts.deny,脚本本身不会让它自动生效

脚本奉上【本人菜鸟,千万不要喷啊】:



#!/usr/bin/python
# _*_coding:utf-8 _*_

import time
import re
import sys
import os
from datetime import date

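# Authentication log that sshd failures are read from. This path is the
# Red Hat-family location; other distributions may log elsewhere.
logfile = r'/var/log/secure'
# sys.path is a list; its first entry is the directory of the script being
# run, which is what the output path has to be built from.
current_path = sys.path[0]
# The deny list is generated next to the script, not in /etc, so nothing is
# enforced until an administrator reviews it and installs it.
denyfile = os.path.join(current_path, 'hosts.deny')
months_31 = ['Jan','Mar','May','Jul','Aug','Oct','Dec']
months_30 = ['Apr','Jun','Sep','Nov']
month_28or29 = 'Feb'
# syslog month abbreviation -> month number.
months = {
          'Jan':1,'Feb':2,'Mar':3,'Apr':4,'May':5,'Jun':6,
          'Jul':7,'Aug':8,'Sep':9,'Oct':10,'Nov':11,'Dec':12
         }
# syslog month abbreviation -> number of days in that month this year.
month_days = {}
for mon in months_31:
    month_days[mon] = 31
for mon in months_30:
    month_days[mon] = 30
# Use the calendar year (the ISO week-numbering year can differ around New
# Year) and the full Gregorian rule rather than a bare "% 4" test.
_year = date.today().year
if _year % 4 == 0 and (_year % 100 != 0 or _year % 400 == 0):
    month_days[month_28or29] = 29
else:
    month_days[month_28or29] = 28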

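def copyFiles(sourceFile, targetFile):
    """Copy the bytes of *sourceFile* to *targetFile*, overwriting the target.

    The source is read completely before the target is opened, so a missing
    or unreadable source never leaves a truncated target behind. Both handles
    are closed even if the read or write fails. Only the content is copied;
    the new file gets default permissions.
    """
    with open(sourceFile, "rb") as src:
        data = src.read()
    with open(targetFile, "wb") as dst:
        dst.write(data)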

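def search_source():
    """Return the sshd "Failed password" lines of `logfile` from the last 7 days.

    Each line is expected to start with the syslog "Mon DD" timestamp. Lines
    that are too short, carry an unknown month or a non-numeric day are
    skipped instead of aborting the scan.

    syslog timestamps have no year, so a date that would lie in the future is
    taken to be from the previous year; this is what makes the window work
    across a December/January boundary. A log that holds more than a year of
    history can therefore still contribute old lines with a matching date.
    """
    today = date.today()
    # Anchor on the "from <ip> port <n>" suffix that sshd writes itself. The
    # user name earlier in the message is supplied by the remote client, so a
    # loose pattern could be satisfied by address-shaped text inside it.
    pat = re.compile(r'sshd.+Failed password for .+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) port \d+')
    lines = []
    with open(logfile, 'r') as f:
        for line in f:
            fields = line.split()
            if len(fields) < 2 or fields[0] not in months:
                continue
            try:
                logged = date(today.year, months[fields[0]], int(fields[1]))
                if logged > today:
                    logged = logged.replace(year=today.year - 1)
            except ValueError:
                # Non-numeric day, or a day that does not exist in that year.
                continue
            if 0 <= (today - logged).days < 7 and pat.search(line):
                lines.append(line)
    return lines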

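def count_ips(lines):
    """Count failed-login log lines per source IPv4 address.

    Args:
        lines: sshd "Failed password" log lines.

    Returns:
        dict mapping the address string to the number of lines seen for it.

    Raises:
        SystemExit: when *lines* is empty (after printing a notice).

    The address is taken from the last "from <ip> port <n>" in the line,
    which is the part sshd appends itself. The user name that precedes it is
    chosen by the remote client; taking the first address-shaped token in the
    line would let that text decide which address is counted, and eventually
    which address lands in the deny list. Lines without the suffix are
    ignored.
    """
    count = {}
    if not lines:
        print('No one use ssh and failed.')
        raise SystemExit
    pat = re.compile(r' from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) port \d+')
    for line in lines:
        hits = pat.findall(line)
        if not hits:
            continue
        ip = hits[-1]
        count[ip] = count.get(ip, 0) + 1
    return count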

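def deny_ips(count):
    """Write a deny rule to `denyfile` for every address at or over the threshold.

    Args:
        count: dict mapping an address string to its failed-login count.

    The file is rewritten from scratch on every run. Nothing here exempts
    trusted addresses, so an administrator who mistypes a password often
    enough is listed as well; review the output before installing it.
    """
    # Minimum number of failures within the scanned window to be listed.
    valve = 50
    with open(denyfile, 'w') as f:
        for ip in count:
            if count[ip] >= valve:
                # NOTE(review): hosts_access(5) documents '#' comments only at
                # the start of a line - confirm the trailing annotation is
                # accepted before copying this file to /etc/hosts.deny.
                word = 'ALL: %s #failed %d times in a week.\n' % (ip, count[ip])
                f.write(word)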

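def main():
    """Back up any existing hosts.deny next to the script, then regenerate it.

    The backup is named hosts.deny.<unix time> so earlier results are kept.
    """
    # sys.path is a list; its first entry is the script's own directory.
    current_path = sys.path[0]
    deny_path = os.path.join(current_path, "hosts.deny")
    if os.path.isfile(deny_path):
        copyFiles(deny_path, deny_path + "." + str(int(time.time())))
    lines = search_source()
    count = count_ips(lines)
    deny_ips(count)

if __name__ == '__main__':
    main()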


