44 lines
1.4 KiB
Python
Executable File
44 lines
1.4 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
import sys
|
|
|
|
|
|
def main():
|
|
if len(sys.argv) != 2:
|
|
print(f"Usage: python3 {sys.argv[0]} <input_file>")
|
|
sys.exit(1)
|
|
|
|
input_file = sys.argv[1]
|
|
|
|
# keep track of both the total number of authentication failures and the number of failures from each IP address
|
|
auth_failures = {}
|
|
total = 0
|
|
|
|
with open(input_file, "r") as f:
|
|
# Read log file
|
|
for line in f:
|
|
# check for auth failure in line
|
|
# NOTE: This is a rudimentary check, and will not work for all log formats. This was chosen for the log file provided.
|
|
# as an example, it will not work when the failure arises from PAM, as those logs are formatted differently
|
|
if "authentication failure" in line:
|
|
# add failure
|
|
total += 1
|
|
# Extract the remote host. This could be either a hostname or an IP address, depending if the host has a PTR record
|
|
rhost = line.split("rhost=")[1].split(" ")[0]
|
|
if rhost not in auth_failures:
|
|
# initialize the count
|
|
auth_failures[rhost] = 1
|
|
else:
|
|
# add failure
|
|
auth_failures[rhost] += 1
|
|
|
|
# Print the results
|
|
for rhost in auth_failures:
|
|
print(f"From {rhost}: {auth_failures[rhost]} failures")
|
|
|
|
print(f"\nTotal failures: {total}")
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|