Untitled

By: a guest on Apr 24th, 2012  |  syntax: None  |  size: 1.06 KB  |  hits: 9  |  expires: Never
Python read ip address and if over 10 attempts save to file called failed.py
myFile = open('auth','r')

ips = {}

for line in myFile:
    parts = line.split(' ')
    if parts[3] == 'authentication failure':
        if parts[3] in ips:
            ips[parts[0]] += 1
        else:
            ips[parts[0]] = 0

with open('failed.py','w') as myFile:
    for ip in [k for k, v in ips.iteritems() if v >=10]:
        myFile.write(ip)

Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure;    logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35  user=root
Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2

from collections import defaultdict

# Count pam_unix authentication failures per remote host.
ips = defaultdict(int)
with open('auth','r') as f:
  for line in f:
    if "authentication failure" in line:
      # split on whitespace; rhost=<ip> is the second-last field of the sample line above
      ip = line.split()[-2].split('=')[1]
      ips[ip] += 1

# Write one address per line for every host with 10 or more failures.
with open('failed.txt','w') as f:
  for ip in [k for k, v in ips.items() if v >= 10]:
    f.write(ip + '\n')
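
Added example, not part of the original paste: the same per-host count with rhost taken by key instead of by field position, so a pam_unix line without a trailing user= field is still attributed to the right host and the paired "Failed password" line is not counted a second time. The function names, the sample lines and the assumption that pam_unix omits user= for unknown accounts are this example's own.

```python
import re
from collections import Counter

# pam_unix failure record from sshd; rhost is captured by key, not by position.
FAILURE = re.compile(
    r"sshd\[\d+\]: pam_unix\(sshd:auth\): authentication failure;.*?\brhost=(\S+)"
)

def positional_rhost(line):
    """Second-last-field extraction, kept only for comparison."""
    return line.split()[-2].split("=")[1]

def count_failures(lines):
    """Count pam_unix authentication failures per remote host."""
    counts = Counter()
    for line in lines:
        match = FAILURE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def offenders(counts, threshold=10):
    """Hosts with at least `threshold` failures, sorted for stable output."""
    return sorted(host for host, n in counts.items() if n >= threshold)

def sample_log():
    """Constructed sample lines (documentation address ranges, made-up host)."""
    head = "Jan 10 09:%02d:%02d examplehost sshd[%d]: "
    pam = "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=%s"
    lines = []
    for i in range(10):
        # Known account: pam_unix appends a user= field after rhost.
        lines.append(head % (32, i, 3000 + i) + pam % "203.0.113.7" + "  user=root")
        # The matching sshd line for the same attempt; must not be counted twice.
        lines.append(head % (32, i, 3000 + i) + "Failed password for root from 203.0.113.7 port 47084 ssh2")
        # Assumed format without user=: rhost is now the last field.
        lines.append(head % (40, i, 4000 + i) + pam % "198.51.100.23")
    for i in range(3):
        lines.append(head % (50, i, 5000 + i) + pam % "192.0.2.50" + "  user=root")
    return lines

if __name__ == "__main__":
    counts = count_failures(sample_log())
    with open("failed.txt", "w") as out:
        out.writelines(host + "\n" for host in offenders(counts))
```

On the constructed line without user=, positional_rhost returns an empty string, which is how a second-last-field parse ends up filing those failures under a blank key.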