效果
源码
from subprocess import getoutput, getstatusoutput
from datetime import datetime, timedelta
from ColorInfo import ColorLogger
class LoginBlocking:
def __init__(self, failed=2, day=-30):
"""
登录拦截
:param day: 设置往前的天数
:param failed: 设置需要拉黑的IP攻击次数,默认: 2
"""
self.failed = failed
self.os_type = getoutput("""grep ^ID /etc/os-release | sed 's/ID=//' | sed -n 1p | sed 's#\"##g'""")
self.logger = ColorLogger()
self.res = []
self.Blacklist = []
self.WriteFile = "/etc/hosts.deny"
self.Source = ""
self.dateStart = datetime.now() + timedelta(days=day)
self.dateStart = self.dateStart.date()
self.IpDic = {"10.2.2.4": 3}
self.UserDic = {}
def Read(self, file):
"""
读取源配置信息
:return:
"""
self.Source = getoutput("cat " + file)
def Write(self):
"""
开始写入
:return:
"""
self.Read(self.WriteFile)
OldIpList = getoutput("awk '{print $2}' /etc/hosts.deny").split("\n")
ba = len(OldIpList)
ws = 0
for ip in self.IpDic:
s = "\nALL: " + ip
if self.IpDic[ip] >= self.failed and ip not in OldIpList:
self.logger.debug("新增黑名单: ", ip)
self.Source = self.Source + s
ws += 1
else:
self.logger.debug("黑名单已存在: ", ip)
if ws > 0:
try:
with open(file=self.WriteFile, mode='w', encoding="utf-8") as w:
w.write(self.Source)
w.close()
self.logger.info("黑名单写入成功,本次新增增加: ", ws, "个IP")
ba += ws
except Exception as e:
self.logger.error(str(e))
else:
self.logger.info("检测结束,本次未新增任何IP")
self.logger.info("累计添加黑名单数量: ", ba)
def check(self):
cmd = """lastb --time-format iso | awk '{print $1,$3,$4}'"""
self.res = getstatusoutput(cmd)
if self.res[0] == 0:
self.logger.warning("检测到有用户登录失败记录")
else:
self.logger.debug("未检测到用户登录失败信息")
def handel(self):
data = self.res[1].split("\n")
for i in data:
sliceI = str(i).split(" ")
user = sliceI[0]
ip = sliceI[1]
date = sliceI[2].split("T")[0]
sliceDate = str(date).split("-")
if len(sliceDate) != 3:
continue
ys = sliceDate[0]
ms = sliceDate[1]
ds = sliceDate[2]
if len(ys) == 4 and len(ms) == 2 and len(ds) == 2:
y = int(ys.replace("\n", '').replace(" ", ''))
m = str(ms.replace("\n", '').replace(" ", ''))
if len(m) > 1:
if m[0] == "0":
m = int(m[1])
d = ds.replace("\n", '').replace(" ", '')
if len(d) > 1:
if d[0] == "0":
d = int(d[1])
stop = datetime(int(y), int(m), int(d)).date()
if stop > self.dateStart:
ip = str(ip).replace(" ", '')
user = str(user).replace(" ", '')
print("用户: ", user, "- IP: ", ip)
if ip in self.IpDic:
s = self.IpDic[ip] + 1
self.IpDic[ip] = int(s)
else:
self.IpDic[ip] = 1
if user in self.UserDic:
self.UserDic[user] = self.UserDic[user] + 1
else:
self.UserDic[user] = 1
for i in self.IpDic:
print("黑名单地址: ", i, " 攻击次数: ", self.IpDic[i])
def start(self):
self.check()
self.handel()
self.Write()
if __name__ == "__main__":
ss = LoginBlocking()
ss.start()