1#
2# sudo.py
3#
4# Get number of sudo sessions for each user
5#
6import re
8from ..formatting import *
10from ..util import readlog, resolve
11from .. import config
12import logging
14logger = logging.getLogger(__name__)
15def parse_log():
17 output = ''
18 logger.debug("Starting sudo section")
19 output += opentag('div', 1, 'sudo', 'section')
20 logger.debug("Searching for matches in {0}".format(config.prefs['logs']['auth']))
21 umatches = re.findall('.*sudo:session\): session opened.*', readlog(config.prefs['logs']['auth']))
22 num = sum(1 for line in umatches) # total number of sessions
23 users = []
24 data = []
25 for match in umatches:
26 user = re.search('.*session opened for user root by (\S*)\(uid=.*\)', match).group(1)
27 exists = [i for i, item in enumerate(users) if re.search(user, item[0])]
28 if (exists == []):
29 users.append([user, 1])
30 else:
31 users[exists[0]][1] += 1
32 commands = []
33 cmatches = re.findall('sudo:.*COMMAND\=(.*)', readlog(config.prefs['logs']['auth']))
34 for cmd in cmatches:
35 commands.append(cmd)
36 logger.debug("Finished parsing sudo sessions")
37 output += writetitle("sudo")
39 subtitle = plural("sudo session", num) + " for"
40 if (len(users) == 1):
41 logger.debug("found " + str(num) + " sudo session(s) for user " + str(users[0]))
42 subtitle += ' ' + users[0][0]
43 output += writedata(subtitle)
44 else:
45 for user in users:
46 data.append(user[0] + ' (' + str(user[1]) + ')')
47 logger.debug("found " + str(num) + " sudo sessions for users " + str(data))
48 output += writedata(subtitle, data)
49 if (len(commands) > 0):
50 commands = addtag(commands, 'code')
51 commands = orderbyfreq(commands)
52 commands = truncl(commands, config.prefs['maxcmd'])
53 output += writedata("top sudo commands", [c for c in commands])
54 output += closetag('div', 1)
55 return output
56 logger.info("Finished sudo section")