#!/usr/bin/python
# _*_coding:utf-8 _*_
import time
import re
import sys
import os
from datetime import date
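# Authentication log scanned for failed sshd logins.
logfile = r'/var/log/secure'

# Directory of the running script (sys.path[0]); the deny list lives there.
current_path = sys.path[0]

# Deny list written by deny_ips().  Built exactly the way main() builds the
# path it backs up, so the file that is backed up and the file that is
# rewritten are always the same one.
# NOTE(review): this is a hosts.deny next to the script; it only has an
# effect if the access-control layer in use reads this path -- confirm the
# deployment.
denyfile = current_path + '/hosts.deny'

months_31 = ['Jan', 'Mar', 'May', 'Jul', 'Aug', 'Oct', 'Dec']
months_30 = ['Apr', 'Jun', 'Sep', 'Nov']
month_28or29 = 'Feb'

# syslog month abbreviation -> month number.
months = {
    'Jan': 1, 'Feb': 2, 'Mar': 3, 'Apr': 4, 'May': 5, 'Jun': 6,
    'Jul': 7, 'Aug': 8, 'Sep': 9, 'Oct': 10, 'Nov': 11, 'Dec': 12
}

# Month abbreviation -> number of days, used when the 7-day window reaches
# back into the previous month.
month_days = {}
for mon in months_31:
    month_days[mon] = 31
for mon in months_30:
    month_days[mon] = 30

# Use the calendar year (the ISO week-numbering year can differ in the days
# around New Year) and the full Gregorian rule, not just "divisible by 4".
_year = date.today().year
if _year % 4 == 0 and (_year % 100 != 0 or _year % 400 == 0):
    month_days[month_28or29] = 29
else:
    month_days[month_28or29] = 28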
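def copyFiles(sourceFile, targetFile):
    """Copy the bytes of *sourceFile* to *targetFile*, overwriting the target.

    Both handles are closed deterministically, even if the read or the
    write raises, so a failed backup does not leave descriptors open.
    The whole source is read into memory in one go.
    """
    with open(sourceFile, "rb") as src:
        data = src.read()
    with open(targetFile, "wb") as dst:
        dst.write(data)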
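def search_source():
    """Return the sshd "Failed password" lines of the last 7 days in ``logfile``.

    A line is kept when its syslog timestamp (month abbreviation and day,
    the first two whitespace-separated fields) falls within the current
    day or the six days before it, and the line matches the failed-password
    pattern.  The window may reach back into the previous month.

    Lines that are empty, or whose first two fields are not a known month
    abbreviation and an integer day, are skipped rather than aborting the
    scan.

    NOTE(review): the timestamp carries no year, so entries of the same
    calendar week from an earlier year are counted if the log still holds
    them.
    """
    today = date.today()
    pat = re.compile(r'.+sshd.+Failed password.+ (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) .+')
    lines = []
    # The context manager closes the log even when a line fails to parse.
    with open(logfile, 'r') as f:
        for line in f:
            fields = line.split()
            if len(fields) < 2 or fields[0] not in months:
                continue
            try:
                line_day = int(fields[1])
            except ValueError:
                continue
            line_month = fields[0]
            # Compare month numbers so the check does not depend on the
            # process locale's month abbreviations.
            month_gap = today.month - months[line_month]
            if month_gap == 0:
                age = today.day - line_day
            elif month_gap in (1, -11):
                # Previous month (-11 is the December -> January wrap).
                age = today.day + month_days[line_month] - line_day
            else:
                continue
            if 0 <= age < 7 and pat.search(line):
                lines.append(line)
    return lines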
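def count_ips(lines):
    """Count failed-login lines per source IPv4 address.

    Args:
        lines: log lines already selected as sshd "Failed password" entries.

    Returns:
        dict mapping the source address (dotted-quad string) to the number
        of lines it appears in.

    Raises:
        SystemExit: when *lines* is empty (after printing a notice).

    The address is taken from the last ``from <addr> port <n>`` on the
    line.  The user name in a failed-login message is chosen by the remote
    client, so picking the first IP-looking token would let a client get a
    third party's address counted (and later denied) by logging in as a
    user named like an address.  sshd appends the real peer after the user
    name, hence the last match.  Lines without such a match, or with an
    octet above 255, are ignored.
    """
    count = {}
    if len(lines) == 0:
        print('No one use ssh and failed.')
        raise SystemExit
    pat = re.compile(r' from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) port \d+')
    for line in lines:
        found = pat.findall(line)
        if not found:
            continue
        ip = found[-1]
        if any(int(octet) > 255 for octet in ip.split('.')):
            continue
        count[ip] = count.get(ip, 0) + 1
    return count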
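def deny_ips(count):
    """Rewrite ``denyfile`` with one ``ALL:`` entry per offending address.

    Args:
        count: dict mapping an address string to its number of failed
            logins, as returned by count_ips().

    Every address with at least ``valve`` (50) failures gets a line; the
    file is truncated first, so addresses below the threshold this run are
    dropped from the list.  Entries are written in sorted order so that
    successive runs and their timestamped backups can be compared line by
    line.

    NOTE(review): hosts_access(5) documents '#' comments at the start of a
    line; the trailing "#failed ..." text may be read as extra client
    patterns -- confirm against the consumer of this file.
    """
    valve = 50
    # The context manager closes (and flushes) the file even if a write fails.
    with open(denyfile, 'w') as f:
        for ip in sorted(count):
            if count[ip] >= valve:
                f.write('ALL: %s #failed %d times in a week.\n' % (ip, count[ip]))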
def main():
    """Back up the existing deny list, then regenerate it from the log.

    If a hosts.deny already exists in the script directory it is copied to
    ``hosts.deny.<unix-timestamp>`` before the scan.  The scan, the
    per-address count and the rewrite then run in that order.
    """
    deny_path = "%s/hosts.deny" % sys.path[0]
    if os.path.isfile(deny_path):
        stamp = int(time.time())
        copyFiles(deny_path, "%s.%d" % (deny_path, stamp))
    failed_lines = search_source()
    per_ip = count_ips(failed_lines)
    deny_ips(per_ip)
# Run the scan only when executed as a script, not when imported.
if __name__ == '__main__':
    main()