Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- import sys
- import socket
- import re
- import smtplib
- import string
- import time
- accepted_hosts = ['dsl.pitt.sbcglobal.net', 'dsl.bell.ca']
- log_file = '/var/log/secure'
- bad_hosts = []
- root_email = 'marty@nme-rs.com'
- def main():
- time_start = time.time()
- print 'Script started'
- for accepted_host in accepted_hosts:
- print 'Allowed host: ' + accepted_host
- with open(log_file) as file:
- file_lines = file.readlines()
- print 'Looping through ' + str(len(file_lines)) + ' lines'
- for line in file_lines:
- if "Accepted password for" in line:
- ip = re.search(r'[0-9]+(?:\.[0-9]+){3}', line).group()
- host = socket.gethostbyaddr(ip)[0]
- host_allowed = False
- for accepted_host in accepted_hosts:
- if re.search(accepted_host, host):
- host_allowed = True
- if host_allowed == False:
- print 'Bad host: ' + host
- bad_hosts.append(line)
- if len(bad_hosts) != 0:
- print 'Bad hosts found: ' + str(len(bad_hosts))
- print 'Sending email to ' + root_email + '...'
- email_subject = "POSSIBLE BREAK-IN [NON-WHITELISTED HOSTS]"
- email_to = root_email
- email_from = "root@nme-rs.com"
- email_text = string.join(bad_hosts)
- email_body = string.join((
- "From: %s" % email_from,
- "To: %s" % email_to,
- "Subject: %s" % email_subject ,
- "",
- email_text
- ), "\r\n")
- server = smtplib.SMTP('localhost')
- server.sendmail(email_from, [email_to], email_body)
- server.quit()
- print 'Script finished, execution time: ' + str(time.time() - time_start) + ' seconds'
- if __name__ == '__main__':
- main()
Add Comment
Please, Sign In to add comment