1# 2# sshd.py 3# 4# Find number of ssh logins and authorised users 5# 6 7import re 8 9from..formatting import* 10from..util import readlog, resolve 11from..import config 12 13import logging 14logger = logging.getLogger(__name__) 15 16defparse_log(): 17 logger.debug("Starting sshd section") 18 section =Section("ssh") 19 logger.debug("Searching for matches in{0}".format(config.prefs['logs']['auth'])) 20 matches = re.findall('.*sshd.*Accepted publickey for .* from .*',readlog(config.prefs['logs']['auth']))# get all logins 21 logger.debug("Finished searching for logins") 22 23 users = []# list of users with format [username, number of logins] for each item 24 data = [] 25 num =sum(1for x in matches)# total number of logins 26for match in matches: 27 entry = re.search('^.*publickey\sfor\s(\w*)\sfrom\s(\S*)', match)# [('user', 'ip')] 28 29 user = entry.group(1) 30 ip = entry.group(2) 31 32 userhost = user +'@'+resolve(ip, fqdn=config.prefs['sshd']['resolve-domains']) 33 users.append(userhost) 34 logger.debug("Parsed list of authorised users") 35 36 auth_data =Data(subtitle=plural('login', num) +' from', items=users) 37 38if(len(auth_data.items) ==1):# if only one user, do not display no of logins for this user 39 logger.debug("found "+str(len(matches)) +" ssh logins for user "+ users[0]) 40 auth_data.subtitle +=' '+ auth_data.items[0] 41 auth_data.orderbyfreq() 42 auth_data.truncl(config.prefs['maxlist']) 43 logger.debug("Found "+str(len(matches)) +" ssh logins for users "+str(data)) 44 section.append_data(auth_data) 45 logger.info("Finished sshd section") 46return section