from SSHLogJournal import SSHLogJournal
from SSHUser import SSHUser
from SSHLogEntry import SSHError, SSHOther
# Sample sshd auth-log lines (syslog format, host "LabSZ") that main() feeds
# into the journal.  The mix is deliberate for a log-triage exercise: repeated
# failed passwords for non-existent users ("Invalid user ...") from a handful
# of source addresses, pre-auth disconnects, one sshd "error:" line, and a
# single successful login at the end.  The "POSSIBLE BREAK-IN ATTEMPT" text is
# sshd's reverse-DNS mismatch warning, not evidence of a compromise on its own.
# Several pam_unix lines end in a trailing space; keep it, since the parsing
# classes (not shown here) receive the exact text.
logs = [
    "Dec 10 06:55:46 LabSZ sshd[24200]: reverse mapping checking getaddrinfo for ns.marryaldkfaczcz.com [173.234.31.186] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Dec 10 06:55:46 LabSZ sshd[24200]: Invalid user webmaster from 173.234.31.186",
    "Dec 10 06:55:46 LabSZ sshd[24200]: input_userauth_request: invalid user webmaster [preauth]",
    "Dec 10 06:55:46 LabSZ sshd[24200]: pam_unix(sshd:auth): check pass; user unknown",
    "Dec 10 06:55:46 LabSZ sshd[24200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.234.31.186 ",
    "Dec 10 06:55:48 LabSZ sshd[24200]: Failed password for invalid user webmaster from 173.234.31.186 port 38926 ssh2",
    "Dec 10 06:55:48 LabSZ sshd[24200]: Connection closed by 173.234.31.186 [preauth]",
    "Dec 10 07:02:47 LabSZ sshd[24203]: Connection closed by 212.47.254.145 [preauth]",
    "Dec 10 07:07:38 LabSZ sshd[24206]: Invalid user test9 from 52.80.34.196",
    "Dec 10 07:07:38 LabSZ sshd[24206]: input_userauth_request: invalid user test9 [preauth]",
    "Dec 10 07:07:38 LabSZ sshd[24206]: pam_unix(sshd:auth): check pass; user unknown",
    "Dec 10 07:07:38 LabSZ sshd[24206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ec2-52-80-34-196.cn-north-1.compute.amazonaws.com.cn ",
    "Dec 10 07:07:45 LabSZ sshd[24206]: Failed password for invalid user test9 from 52.80.34.196 port 36060 ssh2",
    "Dec 10 07:07:45 LabSZ sshd[24206]: Received disconnect from 52.80.34.196: 11: Bye Bye [preauth]",
    "Dec 10 07:08:28 LabSZ sshd[24208]: reverse mapping checking getaddrinfo for ns.marryaldkfaczcz.com [173.234.31.186] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Dec 10 07:08:28 LabSZ sshd[24208]: Invalid user webmaster from 173.234.31.186",
    "Dec 10 07:08:28 LabSZ sshd[24208]: input_userauth_request: invalid user webmaster [preauth]",
    "Dec 10 07:08:28 LabSZ sshd[24208]: pam_unix(sshd:auth): check pass; user unknown",
    "Dec 10 07:08:28 LabSZ sshd[24208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.234.31.186 ",
    "Dec 10 07:08:30 LabSZ sshd[24208]: Failed password for invalid user webmaster from 173.234.31.186 port 39257 ssh2",
    "Dec 10 07:51:15 LabSZ sshd[24324]: error: Received disconnect from 195.154.37.122: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]",
    "Dec 10 09:32:20 LabSZ sshd[24680]: Accepted password for fztu from 119.137.62.142 port 49116 ssh2"
]
# Entry parsed outside the journal (same text as the sshd "error:" line in
# ``logs``).  main() uses it to show that validate() must be re-run after a
# field is overwritten post-parse.
error_log = SSHError("Dec 10 07:51:15 LabSZ sshd[24324]: error: Received disconnect from 195.154.37.122: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]")

# Never appended to the journal; main() checks whether "in journal" reports
# it as a member and runs the same validate()-after-tampering demo on it.
standalone_log = SSHOther("Jan 7 17:07:14 LabSZ sshd[30222]: Received disconnect from 185.165.29.69: 11: Bye Bye [preauth]")
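def main():
    """Run the SSH log demo steps in order, printing everything to stdout.

    Builds an SSHLogJournal from the module-level ``logs`` sample, then walks
    through the numbered exercise steps: validation before/after tampering
    with a parsed entry (3), filtering entries that carry an IP (5), repr and
    rich comparisons (6), journal lookups and membership tests, and
    duck-typed validation of a mixed entry/user list (7).
    """
    searched_ips = ["173.234.31.186", "119.137.62.142"]

    journal = SSHLogJournal()
    for log in logs:
        journal.append(log)

    # 3.
    _demo_validation(error_log, "error log")
    _demo_validation(standalone_log, "other log")

    # 5
    _print_section("entries that have an ip:", [log for log in journal if log.has_ip])

    # 6
    _print_section("__repr__ of entries:", [repr(log) for log in journal])

    # Reference entry for the comparison and membership demos: the fourth
    # entry the journal returns for the first searched IP.  This relies on the
    # sample above yielding at least four such entries; a shorter sample
    # raises IndexError here.
    magic_entry = journal.get_logs_by_ip(searched_ips[0])[3]
    _demo_comparisons(journal, magic_entry)

    # SSHLogJournal
    for searched_ip in searched_ips:
        _print_section(f"entries with ip {searched_ip}:", journal.get_logs_by_ip(searched_ip))

    print("journal iter test:")
    print(f"len of journal: {len(journal)}")
    print(f"{repr(magic_entry)} in journal: {magic_entry in journal}")
    print(f"standalone log {repr(standalone_log)} in journal: {standalone_log in journal}")
    print()

    # isinstance also accepts subclasses of SSHError, unlike the exact
    # ``type(log) == SSHError`` test; no such subclass is visible in this file.
    error_entries = [log for log in journal if isinstance(log, SSHError)]
    _print_section("error entries:", error_entries)

    # 7
    # The last two names look intended to fail SSHUser validation — confirm
    # against SSHUser.validate().
    users = [SSHUser("fztu"), SSHUser("root"), SSHUser("9test9"), SSHUser("-invalid")]
    # Entries and users are mixed in one list; the demo relies only on each
    # item being printable and having a validate() method.
    _demo_duck_typing(journal.get_logs_by_ip(searched_ips[0]) + users)


def _print_section(title, items):
    """Print ``title``, then one item per line, then a blank separator line."""
    print(title)
    print(*items, sep="\n")
    print()


def _demo_validation(entry, label):
    """Print validate() before and after overwriting ``entry.hostname``.

    Shows that a parsed entry is mutable and that a validation result is only
    good for the state it was computed on.  Whether the tampered hostname is
    rejected depends on the entry class's validate(), which is not shown here.
    """
    print(f"{label} validate before changing = {entry.validate()}")
    entry.hostname = "test1234"
    print(f"{label} hostname changed to test1234")
    print(f"{label} validate after changing = {entry.validate()}")
    print()


def _demo_comparisons(journal, reference):
    """Print the journal entries that compare <, > and == to ``reference``."""
    checks = (
        ("__lt__", lambda log: reference < log),
        ("__gt__", lambda log: reference > log),
        ("__eq__", lambda log: reference == log),
    )
    for op_name, keep in checks:
        _print_section(f"entries {op_name} {reference}:", [log for log in journal if keep(log)])


def _demo_duck_typing(items):
    """Print each item and flag the ones whose validate() returns falsy."""
    print("duck typing test: ")
    for item in items:
        print(item)
        if not item.validate():
            print("validation failed for this item")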
# Script entry point; importing this module only defines the sample data
# and main() without running the demo.
if __name__ == "__main__":
    main()