# -*- coding: utf-8 -*-
import commands
import platform
import time
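def check_ports(allow_ports):
    """Report TCP listening ports that are not on the allow-list.

    Runs ``netstat -nltp`` and inspects each ``tcp``/``tcp6`` row on its own
    line. The command's ``-t`` flag restricts it to TCP, so UDP listeners are
    not audited here.

    Args:
        allow_ports: iterable of permitted port numbers. Strings and ints are
            both accepted; they are compared as strings.

    Returns:
        A tuple ``(has_illegal_ports, ports_info)``. ``ports_info`` maps each
        unexpected port (str) to the text after the ``/`` in netstat's
        PID/Program column, or to the raw column value (``'-'`` when netstat
        does not name the process).
    """
    # NOTE: the ``commands`` module exists only on Python 2.
    # NOTE(review): if netstat is missing or fails, its error text contains no
    # tcp rows and this function reports "no unexpected ports". Callers that
    # rely on the result should confirm the tool is installed.
    output = commands.getoutput('netstat -nltp')
    allowed = set(str(p) for p in allow_ports)
    ports_info = {}
    for row in output.splitlines():
        fields = row.split()
        # Skip the banner, the column header, warnings and truncated rows.
        if len(fields) < 4 or not fields[0].startswith('tcp'):
            continue
        # Take the text after the LAST colon: IPv6 local addresses such as
        # ":::22" contain several colons before the port.
        port = fields[3].rsplit(':', 1)[-1]
        if port in allowed:
            continue
        owner = fields[6] if len(fields) > 6 else '-'
        ports_info[port] = owner.partition('/')[2] or owner
    return bool(ports_info), ports_info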
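def check_firewall_status():
    """Return True only when firewalld is positively reported as running.

    The check fails closed: a non-Linux platform, a missing firewalld unit, a
    failed command or any other unrecognised output yields False, so the
    caller is never told the firewall is up when that was not confirmed.

    Returns:
        bool: True if ``service firewalld status`` reports the service as
        running, False otherwise.
    """
    if platform.system() != 'Linux':
        # Nothing was checked on this platform, so do not claim it is active.
        return False
    # NOTE: the ``commands`` module exists only on Python 2.
    status_text = commands.getoutput('service firewalld status')
    # Expects the systemd-style "Active: active (running)" line. Testing for
    # the absence of "inactive" would treat "unit not found" and command
    # errors as a running firewall.
    return 'active (running)' in status_text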
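def _parse_sshd_auth_line(line):
    """Turn one log line into a login record, or return None if it is not one.

    Assumes the traditional syslog layout
    ``Mon DD HH:MM:SS host tag: message``. The message must START with the
    marker. The user name in an "Invalid user" entry is supplied by the
    connecting client and may itself contain words such as "from", "port" or
    "Accepted password for", so markers are not searched for anywhere else in
    the line and the address is taken from the last " from " separator.
    """
    parts = line.split(None, 5)
    if len(parts) < 6:
        return None
    message = parts[5]
    for marker, result in (('Invalid user ', 'fail'),
                           ('Accepted password for ', 'ok')):
        if message.startswith(marker):
            break
    else:
        return None
    # Split on the LAST " from ": what follows it is written by the daemon.
    user, sep, origin = message[len(marker):].rpartition(' from ')
    origin_fields = origin.split()
    if not sep or not origin_fields:
        return None
    return {
        'user': user,
        'ip': origin_fields[0],
        # The timestamp is the first three whitespace-separated tokens.
        'dt': fmt_time(' '.join(parts[:3])),
        'rt': result,
    }


def get_user_login_info():
    """Collect login attempts recorded in /var/log/secure.

    Two kinds of entries are recognised: "Invalid user ..." (recorded with
    ``rt == 'fail'``) and "Accepted password for ..." (``rt == 'ok'``).
    Failed passwords for existing accounts and logins accepted by other
    methods are not matched by these markers and are therefore not reported.

    Returns:
        list of dicts with the keys ``user``, ``ip``, ``dt`` (as formatted by
        ``fmt_time``) and ``rt``.

    Raises:
        IOError: if the log file cannot be opened.
        KeyError, IndexError: propagated from ``fmt_time`` when a matching
            line does not begin with a ``Mon DD HH:MM:SS`` timestamp.
    """
    records = []
    # ``with`` closes the log even if parsing raises part-way through.
    with open("/var/log/secure") as log:
        for line in log:
            record = _parse_sshd_auth_line(line)
            if record is not None:
                records.append(record)
    return records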
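def get_host_name():
    """Return this machine's host name.

    Reads /etc/hostname directly instead of spawning ``cat`` through a shell.
    If the file is missing, unreadable or empty, falls back to
    ``platform.node()`` rather than returning an error message as if it were
    the host name.

    Returns:
        str: the host name with surrounding whitespace removed.
    """
    try:
        with open('/etc/hostname') as handle:
            name = handle.read().strip()
    except IOError:
        name = ''
    return name or platform.node()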
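def fmt_time(fdate):
    """Convert a syslog timestamp to ``YYYY-MM-DD HH:MM:SS``.

    Syslog timestamps carry no year, so one has to be inferred. The current
    local year is used unless that would place the entry after today's date,
    in which case the entry is taken to be from the previous year (for
    example a "Dec 31" line read on 1 January).

    Args:
        fdate: text starting with ``Mon DD HH:MM:SS``; only the first three
            whitespace-separated tokens are used.

    Returns:
        str: the formatted timestamp.

    Raises:
        KeyError: if the first token is not an English month abbreviation.
        IndexError: if fewer than three tokens are present.
    """
    months = {
        'Jan': '01', 'Feb': '02', 'Mar': '03', 'Apr': '04',
        'May': '05', 'Jun': '06', 'Jul': '07', 'Aug': '08',
        'Sep': '09', 'Oct': '10', 'Nov': '11', 'Dec': '12',
    }
    parts = fdate.split()
    month = months[parts[0]]
    day = parts[1].zfill(2)
    now = time.localtime()
    year = now.tm_year
    # Zero-padded strings compare in calendar order, so no int() conversion
    # (and no extra failure mode on odd input) is needed.
    today = (time.strftime('%m', now), time.strftime('%d', now))
    if (month, day) > today:
        year -= 1
    return '%d-%s-%s %s' % (year, month, day, parts[2])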
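def get_user_info():
    """List local accounts whose login shell is bash.

    Reads /etc/passwd one entry per line and splits each entry on ``:``.
    Splitting the whole file on whitespace would break entries whose comment
    field contains spaces and report a fragment of the comment as an account
    name.

    Only shells ending in ``/bin/bash`` are matched, so accounts using another
    interactive shell are not reported.

    Returns:
        list of str: account names, in file order.

    Raises:
        IOError: if /etc/passwd cannot be opened.
    """
    users = []
    with open('/etc/passwd') as passwd:
        for entry in passwd:
            fields = entry.rstrip('\n').split(':')
            # A passwd entry has seven fields; the last one is the shell.
            if len(fields) >= 7 and fields[-1].endswith('/bin/bash'):
                users.append(fields[0])
    return users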
if __name__ == '__main__':
    # Ports that are expected to be listening on this host.
    allow_ports = ['8000', '22']

    # 1. Unexpected listening ports and the programs that own them.
    has_illege_ports, info = check_ports(allow_ports)
    print(has_illege_ports)
    print(info)

    # 2. Firewall state.
    firewall_status = check_firewall_status()
    print('firewall_status' + str(firewall_status))

    # 3. Login attempts found in the auth log.
    login_info = get_user_login_info()
    print(login_info)

    # 4. Accounts with a bash login shell.
    user_info = get_user_info()
    print(user_info)