1# 2# sshd.py 3# 4# Find number of ssh logins and authorised users 5# 6 7import re 8 9from..formatting import* 10from..util import readlog, resolve 11from..import config 12 13import logging 14logger = logging.getLogger(__name__) 15 16defparse_log(): 17 output ='' 18 logger.debug("Starting sshd section") 19 output +=opentag('div',1,'sshd','section') 20 logger.debug("Searching for matches in{0}".format(config.prefs['logs']['auth'])) 21 matches = re.findall('.*sshd.*Accepted publickey for .* from .*',readlog(config.prefs['logs']['auth']))# get all logins 22 logger.debug("Finished searching for logins") 23 24 users = []# list of users with format [username, number of logins] for each item 25 data = [] 26 num =sum(1for x in matches)# total number of logins 27for match in matches: 28 entry = re.search('^.*publickey\sfor\s(\w*)\sfrom\s(\S*)', match)# [('user', 'ip')] 29 30 user = entry.group(1) 31 ip = entry.group(2) 32 33 userhost = user +'@'+resolve(ip, fqdn=config.prefs['sshd']['resolve-domains']) 34 exists = [i for i, item inenumerate(users)if re.search(userhost, item[0])] 35if(exists == []): 36 users.append([userhost,1]) 37else: 38 users[exists[0]][1] +=1 39 logger.debug("Parsed list of authorised users") 40 41 output +=writetitle('sshd') 42 subtitle =plural('login', num) +' from' 43if(len(users) ==1):# if only one user, do not display no of logins for this user 44 logger.debug("found "+str(len(matches)) +" ssh logins for user "+ users[0][0]) 45 subtitle +=' '+ users[0][0] 46 output +=writedata(subtitle) 47else: 48for user in users: 49 data.append(user[0] +' ('+str(user[1]) +')') 50iflen(data) > config.prefs['maxlist']:# if there are lots of users, truncate them 51 data.append('+ '+str(len(users) - config.prefs['maxlist'] -1) +" more") 52break 53 logger.debug("found "+str(len(matches)) +" ssh logins for users "+str(data)) 54 output +=writedata(subtitle, data) 55 output +=closetag('div',1) 56 logger.info("Finished sshd section") 57return output