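#
# sshd.py
#
# Find number of ssh logins and authorised users
#

import re

from ..formatting import *
from ..util import readlog, resolve
from .. import config

import logging
logger = logging.getLogger(__name__)

# Lines that record a successful public-key login. The pattern is not anchored
# to the process field of the log line, so any line containing these words is
# counted. NOTE(review): consider anchoring it to the sshd tag if the auth log
# also carries text supplied by remote clients.
LOGIN_LINE = re.compile(r'.*sshd.*Accepted publickey for .* from .*')

# Extracts (user, address) from a login line. The user group is \S+ rather than
# \w* so that account names containing '-', '.' or '$' are parsed.
LOGIN_FIELDS = re.compile(r'^.*publickey\sfor\s(\S+)\sfrom\s(\S*)')


def parse_log():
    """Build the sshd section of the report.

    Reads the auth log named by config.prefs['logs']['auth'], collects every
    "Accepted publickey" line, and counts logins per user@host. Logins accepted
    through other methods (for example passwords) do not match the pattern and
    are therefore not counted.

    Returns:
        The section markup as a string, assembled with opentag, writetitle,
        writedata and closetag.
    """
    output = ''
    logger.debug("Starting sshd section")
    output += opentag('div', 1, 'sshd', 'section')
    auth_path = config.prefs['logs']['auth']
    logger.debug("Searching for matches in %s", auth_path)
    matches = LOGIN_LINE.findall(readlog(auth_path))  # get all logins
    logger.debug("Finished searching for logins")

    users = []      # [userhost, number of logins] pairs, in order of first appearance
    position = {}   # userhost -> index into users, for exact-match lookup
    resolved = {}   # address -> resolve() result, so each address is looked up once
    data = []
    num = len(matches)  # total number of logins
    fqdn = config.prefs['sshd']['resolve-domains']
    for match in matches:
        entry = LOGIN_FIELDS.search(match)
        if entry is None:
            # The line matched the loose pattern but has no single-token user
            # followed by an address; skip it instead of raising AttributeError.
            logger.warning("Could not parse sshd login line, skipping: %r", match)
            continue

        user = entry.group(1)
        ip = entry.group(2)

        if ip not in resolved:
            resolved[ip] = resolve(ip, fqdn=fqdn)
        userhost = user + '@' + resolved[ip]

        # userhost comes from log text and from whatever resolve() returns
        # (presumably a reverse-DNS name, which the remote side can influence).
        # It is compared by equality and never compiled as a regular
        # expression: as a pattern, '.' would match any character and a
        # substring hit would credit 'bob@10.0.0.1' to 'bob@10.0.0.10'.
        if userhost in position:
            users[position[userhost]][1] += 1
        else:
            position[userhost] = len(users)
            users.append([userhost, 1])
    logger.debug("Parsed list of authorised users")

    output += writetitle('sshd')
    subtitle = plural('login', num) + ' from'
    # NOTE(review): user and host strings reach writedata() unmodified; confirm
    # that the formatting helpers escape them for the output format.
    if len(users) == 1:  # if only one user, do not display no of logins for this user
        logger.debug("found %d ssh logins for user %s", len(matches), users[0][0])
        subtitle += ' ' + users[0][0]
        output += writedata(subtitle)
    else:
        limit = config.prefs['maxlist']
        for userhost, count in users:
            data.append(userhost + ' (' + str(count) + ')')
            if len(data) > limit:  # if there are lots of users, truncate them
                remaining = len(users) - len(data)
                if remaining > 0:  # avoid a trailing "+ 0 more" entry
                    data.append('+ ' + str(remaining) + " more")
                break
        logger.debug("found %d ssh logins for users %s", len(matches), data)
        output += writedata(subtitle, data)
    output += closetag('div', 1)
    logger.info("Finished sshd section")
    return output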