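#
# sshd.py
#
# Find number of ssh logins and authorised users
#

import re

from ..formatting import *
from ..util import readlog, resolve
from .. import config

import logging
logger = logging.getLogger(__name__)

# Lines recording a successful public-key login.
# NOTE(review): only "Accepted publickey" is matched, so password or
# keyboard-interactive logins are not counted by this section -- confirm
# that is intended.
_LOGIN_LINE = re.compile(r'.*sshd.*Accepted publickey for .* from .*')

# Captures (user, source address) from one login line. The user field is
# matched as any run of non-whitespace so that names containing '-' or '.'
# are parsed rather than rejected.
_LOGIN_FIELDS = re.compile(r'^.*publickey\sfor\s(\S+)\sfrom\s(\S*)')


def parse_log():
    """Summarise accepted public-key ssh logins found in the auth log.

    Reads the log at config.prefs['logs']['auth'], counts logins per
    user@host, and returns a Section named "ssh" holding one Data item:
    its subtitle carries the total number of logins, and when more than
    one user@host is seen each is listed with its own count.
    """
    logger.debug("Starting sshd section")
    section = Section("ssh")

    auth_log = config.prefs['logs']['auth']
    logger.debug("Searching for matches in %s", auth_log)
    matches = _LOGIN_LINE.findall(readlog(auth_log))  # get all logins
    logger.debug("Finished searching for logins")

    num = len(matches)  # total number of logins
    resolve_domains = config.prefs['sshd']['resolve-domains']

    # user@host -> number of logins; dicts keep insertion order, so users
    # stay in order of first appearance.
    counts = {}
    for match in matches:
        entry = _LOGIN_FIELDS.search(match)
        if entry is None:
            # A line that the coarse pattern accepted but whose fields
            # cannot be extracted must not abort the whole section.
            logger.debug("Could not parse ssh login line: %r", match)
            continue

        user, ip = entry.group(1), entry.group(2)

        # presumably resolve() maps the address to a hostname -- see ..util
        userhost = user + '@' + resolve(ip, fqdn=resolve_domains)

        # The user and host text originates from the log (and possibly from
        # reverse DNS), i.e. from the remote side. Compare it literally:
        # using it as a regular expression would let '.' and other
        # metacharacters merge distinct users, let "bob@host" match
        # "bob@host2", or raise re.error on malformed patterns.
        counts[userhost] = counts.get(userhost, 0) + 1
    logger.debug("Parsed list of authorised users")

    auth_data = Data(subtitle=plural('login', num) + ' from')

    if len(counts) == 1:
        # if only one user, do not display no of logins for this user
        only_user = next(iter(counts))
        logger.debug("found %d ssh logins for user %s", num, only_user)
        auth_data.subtitle += ' ' + only_user
    else:
        for userhost, logins in counts.items():
            auth_data.items.append(userhost + ' (' + str(logins) + ')')
        auth_data.orderbyfreq()
        auth_data.truncl(config.prefs['maxlist'])
    logger.debug("found %d ssh logins for users %s", num, list(counts))
    section.append_data(auth_data)
    logger.info("Finished sshd section")
    return section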