API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 17th, 2017
67
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.09 KB | None | 0 0
raw download clone embed print report
  1. #/usr/bin/env python
  2. import re
  3. import subprocess
  4. from subprocess import Popen
  5. import os
  6. import sqlite3
  7. from sqlite3 import Error
  8.  
  9. ftp_file="/root/logs/"
  10.  
  11. iguales = []
  12. iguales_cp = []
  13. arr_cxs = []
  14. arr_ftp = []
  15. arr_cpanel = []
  16.  
  17. cxs_comp_arr = []
  18. ftp_comp_arr = []
  19. cpanel_comp_arr = []
  20.  
  21. database = "/root/cxs_logs.db"
  22.  
  23. def create_connection(db_file):
  24. try:
  25. conn = sqlite3.connect(db_file)
  26. #print(sqlite3.version)
  27. return conn
  28. except Error as e:
  29. print(e)
  30. return None
  31.  
  32. #se define variable global para la conexion de db
  33. conn = create_connection(database)
  34.  
  35.  
  36. def create_archivos_cxs_db(conn, info_cxs):
  37. sql = ''' CREATE TABLE IF NOT EXISTS archivos_cxs(
  38. id_archivo_cxs integer NOT NULL PRIMARY KEY,
  39. tipo_archivo varchar(10),
  40. path_archivo varchar(200),
  41. host_archivo varchar(20),
  42. time_record TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL) '''
  43.  
  44. sql1 = ''' INSERT INTO archivos_cxs(tipo_archivo,path_archivo,host_archivo) VALUES(?,?,?) '''
  45. cur = conn.cursor()
  46. cur.execute(sql)
  47. cur.execute(sql1, info_cxs)
  48.  
  49.  
  50. def create_match_cxs_db(conn, record_cxs):
  51. sql = ''' CREATE TABLE IF NOT EXISTS cxs_logs_match(
  52. id_cxs_logs_match integer NOT NULL PRIMARY KEY,
  53. host_archivo varchar(20),
  54. path_archivo varchar(200),
  55. log_match varchar(200),
  56. time_record TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL) '''
  57.  
  58. sql1 = ''' INSERT INTO cxs_logs_match(host_archivo,path_archivo,log_match) VALUES(?,?,?) '''
  59. cur = conn.cursor()
  60. cur.execute(sql)
  61. cur.execute(sql1, record_cxs)
  62.  
  63.  
  64. def compare_arrays(a,b):
  65. for first in a:
  66. if first in b:
  67. iguales.append(first)
  68.  
  69. def recorre_archivo(path, regex1, regex2, arr):
  70. for z in os.listdir(path):
  71. if re.search(regex1, z):
  72. archivo = path+"/"+z
  73. with open(archivo, "r") as file:
  74. for line in file:
  75. line = line.rstrip()
  76. if regex2 == "cxs":
  77. regex_ = re.search('Known exploit',line) or re.search('virus', line)
  78. elif regex2 == "ftp":
  79. regex_ = re.search('uploaded', line)
  80. elif regex2 == "cpanel":
  81. regex_ = re.search('DEBUG', line)
  82. if regex_:
  83. _file = line.split()
  84. arr.append(_file)
  85.  
  86.  
  87.  
  88. def main():
  89. for filename in os.listdir(ftp_file):
  90. for x in os.listdir(ftp_file+filename):
  91. if x == "cxs":
  92. path = ftp_file+filename+"/"+x
  93. recorre_archivo(path, '.log', 'cxs', arr_cxs)
  94.  
  95. if x == "ftp":
  96. path = ftp_file+filename+"/"+x
  97. recorre_archivo(path, 'pure-ftpd.log-', 'ftp', arr_ftp)
  98. if x == "cpanel":
  99. path = ftp_file+filename+"/"+x
  100. recorre_archivo(path, 'post_upload_file.log-', 'cpanel',arr_cpanel)
  101. #si el array de cxs trae datos se itera sobre este y se guardan en db los archivos, ademas se llena un array para hacer el match
  102.  
  103. if arr_cxs:
  104. for y in arr_cxs:
  105. _file = y[5].replace("['",'').replace("']",'')
  106. _host = y[3]
  107. host_file_cxs = (_host + " "+ _file).split(" ")
  108. type_infected = y[8]
  109. if type_infected == 'detected':
  110. type_infected = 'virus'
  111. else:
  112. type_infected = 'exploit'
  113.  
  114. record = (type_infected,_file,_host)
  115. with conn:
  116. create_archivos_cxs_db(conn,record)
  117. cxs_comp_arr.append(host_file_cxs)
  118.  
  119. #si el array de cxs trae datos se hace el match con ftp y cpanel (logs)
  120.  
  121. if cxs_comp_arr:
  122.  
  123. for z in arr_ftp:
  124. host = z[2]
  125. _archivo_ftp = z[6].replace("//","/")
  126. host_file_ftp = (host + " "+_archivo_ftp).split(" ")
  127. ftp_comp_arr.append(host_file_ftp)
  128.  
  129.  
  130.  
  131. remove_duplicados = []
  132. compare_arrays(cxs_comp_arr, ftp_comp_arr)
  133. if iguales:
  134. for w in iguales:
  135. if w not in remove_duplicados:
  136. remove_duplicados.append(w)
  137.  
  138. for y in remove_duplicados:
  139. host = y[0]
  140. path = y[1]
  141. type_ = "ftp"
  142. record = (host,path,type_)
  143. print record
  144. with conn:
  145. create_match_cxs_db(conn,record)
  146.  
  147. else:
  148. print "no hay coincidencias entre los logs de cxs con los de ftp"
  149.  
  150.  
  151. for cp in arr_cpanel:
  152. host = cp[5]
  153. _archivo_cpanel = cp[7]
  154. if re.search("/", _archivo_cpanel):
  155. _archivo = cp[7]
  156. else:
  157. _archivo = cp[8]
  158.  
  159. cpanel_file = (host + " " +_archivo).split(" ")
  160. cpanel_comp_arr.append(cpanel_file)
  161.  
  162. remove_cp = []
  163. compare_arrays(cxs_comp_arr, cpanel_comp_arr)
  164. if iguales:
  165. for t in iguales:
  166. if t not in remove_duplicados:
  167. remove_cp.append(t)
  168.  
  169. for o in remove_cp:
  170. host = o[0]
  171. path = o[1]
  172. type_ = "cpanel"
  173. record = (host,path,type_)
  174. print record
  175. with conn:
  176. create_match_cxs_db(conn,record)
  177. else:
  178. print "no hay coincidencias entre los logs de cxs y cpanel"
  179.  
  180.  
  181. if __name__ == '__main__':
  182. main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!