DeaD_EyE

log anonymizer

Apr 14th, 2020
79
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python3
  2.  
  3. """
  4. Log Anonymizer reads a logfile, where the first field must be a valid IPv4
  5. or IPv6 address. It anonymizes 16 bits with IPv4 addresses and
  6. 32 bits with IPv6 addresses.
  7.  
  8. If required the ip address could be hashed.
  9. It is more anonymized if you use the random generated token.
  10.  
  11. By default the file is not overwritten.
  12. If you use the command without -o, then the anonymized logfile
  13. is printed to console.
  14. """
  15.  
  16.  
  17. import os
  18. import ipaddress
  19. import hashlib
  20. import secrets
  21. import argparse
  22. import sys
  23. from pathlib import Path
  24.  
  25.  
  26. def log_anonymizer(log: Path, hash_ip: bool=True, salt: bool=True):
  27.     def anonymize(ip, ipv4_mask=16, ipv6_mask=32):
  28.         ip = ipaddress.ip_address(ip)
  29.         mask = 2 ** ip.max_prefixlen - 1
  30.         if ip.version == 4:
  31.             mask -= 2 ** ipv4_mask - 1
  32.         elif ip.version == 6:
  33.             mask -= 2 ** ipv6_mask - 1
  34.         return ipaddress.ip_address(int(ip) & mask)
  35.     if salt:
  36.         salt_val = secrets.token_hex()
  37.     with open(log) as fd:
  38.         for idx, line in enumerate(fd, start=1):
  39.             try:
  40.                 ip, rest = line.strip().split(maxsplit=1)
  41.             except ValueError:
  42.                 print("Error with line no {}".format(idx), file=sys.stderr)
  43.                 yield line.strip()
  44.                 continue
  45.             try:
  46.                 ip = str(anonymize(ip))
  47.             except ValueError:
  48.                 print("Could not parse ip in line no {}".format(idx), file=sys.stderr)
  49.                 yield line.strip()
  50.                 continue
  51.             if salt:
  52.                 ip += salt_val
  53.             if salt or hash_ip:
  54.                 ip = hashlib.sha256(ip.encode()).hexdigest()
  55.             yield " ".join((ip, rest))
  56.  
  57.  
  58.  
  59. if __name__ == "__main__":
  60.     parser = argparse.ArgumentParser(description=__doc__)
  61.     parser.add_argument("logfile", type=Path, help="Logfile to anonymize")
  62.     parser.add_argument("-H", action="store_true", help="hash ip address with sha256 after anonymize")
  63.     parser.add_argument("-s", action="store_true", help="Add random salt before hashing")
  64.     parser.add_argument("-o", action="store_true", help="Overwrite file.")
  65.     args = parser.parse_args()
  66.     log = log_anonymizer(args.logfile, args.H, args.s)
  67.     if args.o:
  68.         new_name = args.logfile.name + ".anon"
  69.         new_file = args.logfile.with_name(new_name)
  70.         with new_file.open("w") as fd:
  71.             for line in log:
  72.                 fd.write(line + os.linesep)
  73.         new_file.rename(args.logfile)
  74.     else:
  75.         for line in log:
  76.             print(line)
RAW Paste Data