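#
#   sshd.py
#
#   Find number of ssh logins and authorised users
#

import re
from ..formatting import *
from ..util import readlog, resolve
from .. import config

import logging
logger = logging.getLogger(__name__)


def parse_log():
    """Build the report section summarising accepted sshd public-key logins.

    Reads the auth log named by ``config.prefs['logs']['auth']``, collects
    every line matching "Accepted publickey for <user> from <host>", and
    counts logins per ``user@host`` (the host is passed through ``resolve``).

    Only public-key logins are counted; lines for other authentication
    methods do not match the pattern and are not reported here.

    Returns:
        The markup for the section, as a string built with the formatting
        helpers (``opentag``, ``writetitle``, ``writedata``, ``closetag``).
    """
    output = ''
    logger.debug("Starting sshd section")
    output += opentag('div', 1, 'sshd', 'section')

    logger.debug("Searching for matches in {0}".format(config.prefs['logs']['auth']))
    # NOTE(review): this pattern is not anchored to the sshd message prefix,
    # so any line that contains "sshd" followed by this phrase is counted,
    # wherever in the line the phrase appears. Lines where that text comes
    # from a client-supplied field would be reported as logins; consider
    # anchoring on the syslog/sshd prefix used on the target hosts.
    matches = re.findall('.*sshd.*Accepted publickey for .* from .*',
                         readlog(config.prefs['logs']['auth']))    # get all logins
    logger.debug("Finished searching for logins")

    users = []      # [userhost, number of logins] per entry, in first-seen order
    position = {}   # userhost -> index into users
    data = []
    num = 0         # logins that could be attributed to a user and host
    skipped = 0     # matched lines whose user/host could not be extracted

    # Raw string: '\s' in a normal literal is an invalid escape sequence.
    login_pattern = re.compile(r'^.*publickey\sfor\s(\w*)\sfrom\s(\S*)')
    for match in matches:
        entry = login_pattern.search(match)
        if entry is None:
            # e.g. a user name containing characters outside \w; previously
            # this raised AttributeError and aborted the whole section.
            skipped += 1
            continue
        user = entry.group(1)
        ip = entry.group(2)
        userhost = user + '@' + resolve(ip, fqdn=config.prefs['sshd']['resolve-domains'])

        # Compare by exact equality. userhost is derived from log content and
        # must not be used as a regular expression: '.' would match any
        # character, one address could match as a substring of another
        # (merging the counts of different hosts), and regex metacharacters
        # could raise re.error.
        if userhost in position:
            users[position[userhost]][1] += 1
        else:
            position[userhost] = len(users)
            users.append([userhost, 1])
        num += 1

    if skipped:
        # The raw lines are deliberately not echoed into this log.
        logger.warning("Skipped " + str(skipped) + " sshd lines with unparseable user/host")
    logger.debug("Parsed list of authorised users")

    output += writetitle('sshd')
    subtitle = plural('login', num) + ' from'
    # NOTE(review): the user@host strings below originate from the auth log;
    # presumably writedata escapes them for the output format - confirm.
    if len(users) == 1:     # if only one user, do not display no of logins for this user
        logger.debug("found " + str(num) + " ssh logins for user " + users[0][0])
        subtitle += ' ' + users[0][0]
        output += writedata(subtitle)
    else:
        maxlist = config.prefs['maxlist']
        for shown, (userhost, count) in enumerate(users, start=1):
            data.append(userhost + ' (' + str(count) + ')')
            if shown > maxlist:     # if there are lots of users, truncate them
                remaining = len(users) - shown
                if remaining > 0:   # avoid a trailing "+ 0 more"
                    data.append('+ ' + str(remaining) + " more")
                break
        logger.debug("found " + str(num) + " ssh logins for users " + str(data))
        output += writedata(subtitle, data)

    output += closetag('div', 1)
    logger.info("Finished sshd section")
    return output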