[Tutor] 2016-02-01 Filter STRINGS in Log File and Pass as VARAIBLE within PYTHON script
knnleow GOOGLE
knnleow at gmail.com
Tue Feb 2 08:14:43 EST 2016
Sorry, I forgot to make use of set(); this is the updated version.
I would appreciate your advice on whether it can be optimized further.
$ more fail2ban-banned-ipAddress.py
#VERSION CONTROL:
#2016-01-31 - Initial build by Kuenn Leow
# - fail2ban package has to be installed
# - fail2ban leverage on linux iptables to work
#2016-0-02 - modified with recommendation from Cameron Simpson
#FIXED MODULE IMPORT and FIXED ARGV IMPORT
import sys
import os
import subprocess
import time
import traceback
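# Command-line arguments, shared by checkInputs() and main().
myArray = sys.argv


def checkInputs():
    """Exit with usage help unless ``-date`` is followed by a valid date.

    The value after ``-date`` must be a real calendar date written exactly
    as YYYY-MM-DD. main() uses it as a substring filter on log lines, so a
    missing or malformed value is rejected here instead of surfacing later
    as an IndexError or as a filter that matches the wrong lines.

    Returns None when the arguments are acceptable; otherwise prints the
    usage text and exits with status 1.
    """
    try:
        value = myArray[myArray.index('-date') + 1]
        parsed = time.strptime(value, "%Y-%m-%d")
        # Round-trip so that only the zero-padded form used in the log passes.
        valid = time.strftime("%Y-%m-%d", parsed) == value
    except (ValueError, IndexError):
        # ValueError: no '-date' flag or an unparsable date.
        # IndexError: '-date' was the last argument.
        valid = False

    if not valid:
        print('''
USAGE: python fail2ban-banned-ipAddress.py -date <YYYY-MM-DD>
EXAMPLE: python fail2ban-banned-ipAddress.py -date 2016-01-31
''')
        sys.exit(1)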
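def main():
    """Print whois details for every address fail2ban banned for ssh on a date.

    Reads the date that follows ``-date`` on the command line, collects the
    distinct addresses from matching "Ban" lines in /var/log/fail2ban.log,
    then prints the name/country/mail lines of each address's whois record.

    Exits with status 0 on success or Ctrl-C, and 1 on an unexpected error.
    """
    # Local import: used only to validate addresses read from the log.
    import ipaddress

    #START MAIN PROGRAM HERE!!!
    exit_code = 0
    try:
        checkInputs()
        myDate = myArray[myArray.index('-date') + 1]

        # store all the BANNED IP in a SET
        print(" ")
        banIP_addrs = set()
        # errors="replace": the log content is not under this script's
        # control, so an undecodable byte must not abort the whole scan.
        with open("/var/log/fail2ban.log", errors="replace") as fail_log:
            for line in fail_log:
                if not ("ssh" in line and "Ban" in line and myDate in line):
                    continue
                words = line.split()
                if len(words) < 7:
                    # Shorter than the expected layout; no seventh field.
                    continue
                word6 = words[6]
                # Only a syntactically valid IPv4/IPv6 address may reach the
                # whois call below; anything else in that field is skipped.
                try:
                    ipaddress.ip_address(word6)
                except ValueError:
                    continue
                print("word6:" , word6)
                banIP_addrs.add(word6)
        print("banIP_addrs:" , banIP_addrs)

        # LOOP through the SET and WHOIS
        for i in sorted(banIP_addrs):
            print("i:", i)
            # Argument list and no shell: text taken from the log is never
            # interpreted as shell syntax, unlike a concatenated command
            # string handed to os.popen().
            try:
                result = subprocess.run(
                    ["whois", "-H", i],
                    stdout=subprocess.PIPE,
                    timeout=60,
                )
            except subprocess.TimeoutExpired:
                # One unresponsive whois server should not stall the report.
                print("whoisVAR:", "whois timed out")
                continue
            output = result.stdout.decode(errors="replace")
            # Same selection the egrep -i / sort -u pipeline made, done in
            # Python. Ordering is by code point, which may differ slightly
            # from the locale-aware order of sort(1).
            wanted = {
                row for row in output.splitlines()
                if any(key in row.lower() for key in ("name", "country", "mail"))
            }
            whoisVAR = "".join(row + "\n" for row in sorted(wanted))
            print("whoisVAR:", whoisVAR)
    except KeyboardInterrupt:
        print('Shutdown requested...exiting')
    except Exception:
        traceback.print_exc(file=sys.stdout)
        # Report failure to the caller (cron, monitoring) instead of 0.
        exit_code = 1
    sys.exit(exit_code)
    #END MAIN PROGRAM HERE!!!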
# Script entry point: run main() only when this file is executed directly,
# not when it is imported as a module.
if __name__ == "__main__":
    main()
# End of script entry point.
TEST RESULT
-------------------
$ python ./fail2ban-banned-ipAddress.py -date 2016-01-31
word6: 183.3.202.109
word6: 183.3.202.109
word6: 27.75.97.233
word6: 183.3.202.109
word6: 222.187.222.220
word6: 183.3.202.109
word6: 77.73.91.28
word6: 59.47.0.149
word6: 183.3.202.109
word6: 77.73.91.28
word6: 77.73.91.28
word6: 185.130.5.184
word6: 183.3.202.109
word6: 221.203.142.71
banIP_addrs: {'183.3.202.109', '59.47.0.149', '222.187.222.220',
'77.73.91.28', '27.75.97.233', '221.203.142.71', '185.130.5.184'}
i: 183.3.202.109
whoisVAR: abuse-mailbox: anti-spam at ns.chinanet.cn.net
abuse-mailbox: antispam_gdnoc at 189.cn
country: CN
e-mail: anti-spam at ns.chinanet.cn.net
e-mail: gdnoc_HLWI at 189.cn
netname: CHINANET-GD
i: 59.47.0.149
whoisVAR: abuse-mailbox: anti-spam at ns.chinanet.cn.net
country: CN
e-mail: anti-spam at ns.chinanet.cn.net
e-mail: lnabuse at lntele.com
netname: CHINANET-LN