#
# Get number of sudo sessions for each user
#
+# NOTE: This file is now deprecated in favour of the newer journald mechanism
+# used in sudo-journald.py. This parser is still functional but is slower and
+# has less features. Please switch over if possible.
+#
import re
-from ..formatting import *
-from ..util import readlog, resolve
-from .. import config
-
-import logging
-logger = logging.getLogger(__name__)
-
-def parse_log():
- output = ''
- logger.debug("Starting sudo section")
- output += opentag('div', 1, 'sudo', 'section')
- logger.debug("Searching for matches in {0}".format(config.prefs['logs']['auth']))
- umatches = re.findall('.*sudo:session\): session opened.*', readlog(config.prefs['logs']['auth']))
- num = sum(1 for line in umatches) # total number of sessions
- users = []
- data = []
- for match in umatches:
- user = re.search('.*session opened for user root by (\S*)\(uid=.*\)', match).group(1)
- exists = [i for i, item in enumerate(users) if re.search(user, item[0])]
- if (exists == []):
- users.append([user, 1])
+from logparse.formatting import *
+from logparse.util import readlog
+from logparse.config import prefs
+from logparse.load_parsers import Parser
+
+class Sudo(Parser):
+
+ def __init__(self):
+ super().__init__()
+ self.name = "sudo"
+ self.info = "Get number of sudo sessions for each user"
+ self.deprecated = True
+ self.successor = "sudo_journald"
+
+ def parse_log(self):
+ logger.debug("Starting sudo section")
+ section = Section("sudo")
+ logger.debug("Searching for matches in {0}".format(prefs.get("logs", "auth")))
+ umatches = re.findall('.*sudo:session\): session opened.*', readlog(prefs.get("logs", "auth")))
+ num = sum(1 for line in umatches) # total number of sessions
+ users = []
+ data = []
+ for match in umatches:
+ user = re.search('.*session opened for user root by (\S*)\(uid=.*\)', match).group(1)
+ exists = [i for i, item in enumerate(users) if re.search(user, item[0])]
+ if (exists == []):
+ users.append([user, 1])
+ else:
+ users[exists[0]][1] += 1
+ commands = []
+ cmatches = re.findall('sudo:.*COMMAND\=(.*)', readlog(prefs.get("logs", "auth")))
+ for cmd in cmatches:
+ commands.append(cmd)
+ logger.debug("Finished parsing sudo sessions")
+
+ auth_data = Data(subtitle=plural("sudo session", num) + " for")
+
+ if (len(users) == 1):
+ logger.debug("found " + str(num) + " sudo session(s) for user " + str(users[0]))
+ auth_data.subtitle += ' ' + users[0][0]
else:
- users[exists[0]][1] += 1
- commands = []
- cmatches = re.findall('sudo:.*COMMAND\=(.*)', readlog(config.prefs['logs']['auth']))
- for cmd in cmatches:
- commands.append(cmd)
- logger.debug("Finished parsing sudo sessions")
-
- output += writetitle("sudo")
- subtitle = plural("sudo session", num) + " for"
- if (len(users) == 1):
- logger.debug("found " + str(num) + " sudo session(s) for user " + str(users[0]))
- subtitle += ' ' + users[0][0]
- output += writedata(subtitle)
- else:
- for user in users:
- data.append(user[0] + ' (' + str(user[1]) + ')')
- logger.debug("found " + str(num) + " sudo sessions for users " + str(data))
- output += writedata(subtitle, data)
- if (len(commands) > 0):
- commands = addtag(commands, 'code')
- commands = orderbyfreq(commands)
- commands = truncl(commands, config.prefs['maxcmd'])
- output += writedata("top sudo commands", [c for c in commands])
- output += closetag('div', 1)
- return output
- logger.info("Finished sudo section")
+ for user in users:
+ auth_data.items.append(user[0] + ' (' + str(user[1]) + ')')
+ logger.debug("found " + str(num) + " sudo sessions for users " + str(data))
+ section.append_data(auth_data)
+
+ if (len(commands) > 0):
+ command_data = Data(subtitle="top sudo commands")
+ commands = backticks(commands)
+ command_data.items = commands
+ command_data.orderbyfreq()
+ command_data.truncl(prefs.getint("logparse", "maxcmd"))
+ section.append_data(command_data)
+
+ logger.info("Finished sudo section")
+
+ return section