
kippo munin plugin

a guest
Jul 21st, 2012
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-
  3. from sys import argv, exit
  4. from datetime import datetime, timedelta
  5. '''
  6. about:
  7.  
  8.    Kippo is a ssh honeypot written in Python.
  9.    It's not my own project, but I liked to write
  10.    a munin plugin, so here it is.
  11.  
  12.    more about kippo: http://code.google.com/p/kippo/
  13.  
  14. license:
  15.  
  16. This program is free software: you can redistribute it and/or modify
  17. it under the terms of the GNU General Public License as published by
  18. the Free Software Foundation, either version 3 of the License, or
  19. (at your option) any later version.
  20.  
  21. This program is distributed in the hope that it will be useful,
  22. but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  24. GNU General Public License for more details.
  25. '''
  26.  
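# Graph and field definitions that munin requests with the `config` argument.
# Each `<field>.label` line names one data series; the matching
# `<field>.value` lines are printed by the fetch path at the end of the script.
config = [
    'graph_title attackers',
    'graph_args --base 1000 -l 0',
    'graph_scale no',
    'graph_vlabel attempts',
    'graph_category network',
    'attackers.label attackers',
    'attempts.label attempts',
    # Label text fixed (was misspelled); the field name itself is unchanged,
    # so existing munin data for `succeeded` is not affected.
    'succeeded.label succeeded',
]

# When invoked as `<plugin> config`, print the graph layout and stop before
# any log file is opened or parsed.
if len(argv) > 1 and argv[1] == 'config':
    for line in config:
        print(line)
    exit(0)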
  40.  
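def muninlog(path, lastminutes=5, lasthours=0):
    """Count recent login attempts per source IP in a kippo log file.

    Only lines whose timestamp lies within the last ``lasthours`` hours plus
    ``lastminutes`` minutes (relative to the local clock) are counted.

    Args:
        path: Path to the kippo log file.
        lastminutes: Minutes of history to include.
        lasthours: Hours of history to include, added to ``lastminutes``.

    Returns:
        A dict mapping each source IP string to
        ``{'attempts': <int>, 'succeeded': <int>}``.

    The log is written by a honeypot, so much of every line (user names,
    passwords, typed commands) is attacker-controlled. A line that does not
    parse is skipped instead of raising, so a single odd line cannot stop the
    plugin from reporting.
    """
    import io  # local import: io.open decodes the same way on Python 2 and 3

    window = timedelta(hours=lasthours, minutes=lastminutes)
    now = datetime.now()
    collect = {}
    # errors='replace' keeps an undecodable byte in attacker-supplied text
    # from aborting the whole run with a decode error.
    with io.open(path, 'r', encoding='utf-8', errors='replace') as fp:
        for line in fp:
            data = line.split(' ')
            if len(data) <= 6:
                continue
            try:
                # Only the first eight characters of the time field are used,
                # so any UTC offset suffix is accepted, not just "+0200".
                # NOTE(review): the stamp is compared with the naive local
                # clock, which assumes logger and plugin share a timezone.
                ts = datetime.strptime(data[0] + ' ' + data[1][:8],
                                       '%Y-%m-%d %H:%M:%S')
            except ValueError:
                # Continuation lines and other non-timestamped text.
                continue
            if now - ts >= window:
                continue
            # NOTE(review): this is a substring match over the whole line, so
            # it also matches "attempt" inside attacker-supplied text;
            # consider matching the fixed message tokens once the log format
            # is confirmed.
            if 'attempt' not in line:
                continue
            try:
                # Field 5 is expected to end in "<name>,<n>,<ip>]"; drop the
                # trailing bracket to get the address.
                ip = data[5].split(',')[2][:-1]
            except IndexError:
                # A matching line with a different field layout is ignored.
                continue
            stats = collect.setdefault(ip, {'attempts': 0, 'succeeded': 0})
            stats['attempts'] += 1
            if data[-1].strip() == 'succeeded':
                stats['succeeded'] += 1
    return collect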
  61.  
  62.  
if __name__ == '__main__':
    # Fetch path: summarise the recent window of the honeypot log and print
    # one `<field>.value` line per series declared in `config`.
    # The path below is a placeholder and must point at the real kippo.log.
    logfile = '/path/to/your/kippo-ssh-honeypot/log/kippo.log'
    per_ip = muninlog(logfile)
    # One dict entry per distinct source address.
    attacker_count = len(per_ip)
    attempt_total = sum(entry['attempts'] for entry in per_ip.values())
    success_total = sum(entry['succeeded'] for entry in per_ip.values())
    print('attackers.value {}'.format(attacker_count))
    print('attempts.value {}'.format(attempt_total))
    print('succeeded.value {}'.format(success_total))