# Created by Pathogen @ www.hakhub.tkimport subprocess as spimport red

1. # Created by Pathogen @ www.hakhub.tk
2.  
3. import subprocess as sp
4. import re
5.  
6. def RHL():
7.  num = 0
8.  cat = sp.Popen("cat /var/log/audit/audit.log",stdout = sp.PIPE,shell=True)
9.  results = cat.stdout.read()
10.  contents =  re.split("\n",results)
11.  for line in contents:
12.   if re.search("USER_LOGIN",line):
13.    proc = re.split(" ",line)
14.    header = 0
15.    for word in proc:
16.     if re.findall("acct=",word):
17.      num = num + 1
18.      print "\nLogin attempt #"+str(num)+"\n___________________"
19.      print word
20.      header = 1
21.     elif re.findall("hostname=",word):
22.      if header == 0:
23.       num = num + 1
24.       print "\nLogin attempt #"+str(num)+"\n___________________"
25.       print word
26.      elif header == 1:
27.       print word
28.     elif re.findall("addr=",word):
29.       print word
30.     elif re.findall("res=",word):
31.      if re.findall("success",word):
32.       print word+"     <---- User Login Successful! ----"
33.      else:
34.       print word
35. def ubuntu():
36.   grep = sp.Popen("grep ssh /var/log/syslog",stdout = sp.PIPE,shell=True)
37.   output = grep.stdout.read()
38.   contents = re.split("\n",output)
39.   for line in contents:
40.     print line
41.