一、目标
centos7.6下安装Python3.7.5
二、平台
[root@hiibm ~]# uname -r
3.10.0-957.el7.x86_64
[root@hiibm ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
三、解析
本脚本用于从CentOS 7的/var/log/secure日志文件中找出登录失败的来源ip。执行方法:在shell下运行 python3 a006checkSecureAttack.py(运行前需先把脚本中的filePath改为实际的日志路径;/var/log/secure通常只有root可读)。
四、代码展示
#!/usr/bin/env python
# -*- coding:utf-8 -*-
# Author:Kahn
# 本脚本是检测centos7的/var/log/secure日志文件中登录失败的ip,执行本脚本的方法是shell下:python3 a006checkSecureAttack.py
# 使用前注意修改filePath的路径。
import re
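def main(filePath=None):
    """Report the source addresses of failed SSH logins found in a secure log.

    The file is read line by line. A line is considered when it contains one
    of the markers the original script looked for ("Failed password for root
    from", "Failed password for invalid", "failure", "Did"). The address is
    then pulled out with a pattern tied to the message layout and is kept only
    if it parses as an IP address. The de-duplicated addresses and the totals
    are printed to stdout; the number of skipped lines goes to stderr.

    Args:
        filePath: path of the log file. When omitted, the first command-line
            argument is used if there is one, otherwise the sample path that
            was hard-coded in the original script.

    Raises:
        OSError: if the log file cannot be opened (for example the default
            Windows sample path on a Linux host, or missing read permission).
    """
    import ipaddress
    import sys

    if filePath is None:
        if len(sys.argv) > 1:
            filePath = sys.argv[1]
        else:
            # Original default, kept so that existing no-argument use behaves as before.
            filePath = r"C:\data\pythonTmpCode\test001\secure100.txt"

    # The user name in a "Failed password" message is supplied by the remote
    # client and may contain spaces or text such as " from <addr>". Counting
    # whitespace-separated fields can therefore select client-supplied text as
    # the source address, or raise IndexError on a shorter line. Anchoring on
    # the end of the line takes the address that the daemon itself appended.
    # NOTE(review): assumes the line ends with "from <addr> [port <n>] [ssh2]";
    # confirm against the sshd version that produced the log.
    tailFrom = re.compile(r" from (\S+)(?: port \d+)?(?: ssh2)?\s*$")
    # In the pam "authentication failure" lines this script targets, rhost=
    # comes before user=, so the first rhost= field is the one to read.
    # NOTE(review): confirm the field order for the PAM modules in use.
    rhostField = re.compile(r"\brhost=(\S+)")

    # (marker, extractor) pairs, checked in order; the first marker found in a
    # line decides how it is parsed, so one line is never counted twice.
    # The original patterns also carried an alternative "^<ipv4>$" branch that
    # could only match a line consisting of a bare address; it is dropped here.
    # NOTE(review): failed passwords for valid non-root accounts are still not
    # counted, as in the original; widen the markers if those matter to you.
    rules = (
        ("Failed password for root from", tailFrom),
        ("Failed password for invalid", tailFrom),
        ("failure", rhostField),
        ("Did", tailFrom),
    )

    counts = [0] * len(rules)
    skipped = 0
    listIP = []
    # errors="replace" keeps undecodable bytes in the log from aborting the scan.
    with open(filePath, errors="replace") as f:
        for line in f:
            for idx, (marker, extractor) in enumerate(rules):
                if marker not in line:
                    continue
                found = extractor.search(line)
                try:
                    addr = ipaddress.ip_address(found.group(1)) if found else None
                except ValueError:
                    # Host names and stray tokens (e.g. "ssh" from tty=ssh) are not addresses.
                    addr = None
                if addr is None:
                    skipped += 1
                else:
                    counts[idx] += 1
                    listIP.append(str(addr))
                break

    Total = sum(counts)
    difAll = set(listIP)
    print("下面打印的是去重后的攻击源ip")
    # Sorted so that two runs over the same log print the same order.
    for ip in sorted(difAll):
        print(ip)
    print("总计{}次攻击,去重后的ip有{}个。".format(Total, len(difAll)))
    if skipped:
        print("有{}行匹配了关键字但未能解析出合法ip,已跳过。".format(skipped), file=sys.stderr)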
# Run the scan only when the file is executed as a script, not when imported.
if __name__ == "__main__":
    main()
在windows运行成功,但在centos真机上运行失败了,郁闷
2019年12月3日23:30:29
2019年12月13日14:57:00完美版已写成。