#!/usr/bin/python | |
# Petrus Alexandre Pavoni Gomes | |
# petrusgomes@gmail.com | |
# | |
# 25/09/2010 | |
# | |
# UFW-Notify v0.2: | |
# Show a notification popup (libnotify) when UFW Firewall blocks a connection. | |
# It reads the last line from the firewall log with the "tail" command, parses it and shows a notification. | |
# **My first Python script and just a draft for the idea. A little ugly yet. | |
# | |
# =LICENSE= | |
# This program is free software; you can redistribute it and/or modify | |
# it under the terms of the GNU General Public License version 3 as | |
# published by the Free Software Foundation. Without any | |
# sort of warranty. | |
# =END LICENSE= | |
############################################################################ | |
import re # regular expressions | |
import commands # linux commands | |
import pynotify # notifications | |
import pyinotify # file watcher | |
# Path of firewall log | |
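logfile = "/var/log/ufw.log"

# Regular expressions for the log fields, one capture group per field.
# Every fragment starts with the single space that separates it from the
# previous field, so the concatenation order below must not change.
# Raw strings keep the backslash escapes literal for the regex engine
# (the same pattern text as before, without relying on Python keeping
# unknown escapes such as "\[" and "\-" in a normal string).
#
# Syslog days are space-padded ("Aug  1") or two digits ("Aug 10"). The day
# must accept a zero digit, otherwise lines from the 10th, 20th and 30th of
# the month never match and p.match() returns None.
re_DATE = r"([A-Z][a-z]{2} {1,2}[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2})"
re_HOST = r" (.* kernel:)"
re_UFW = r" (\[[ ]*?[0-9]*\.[0-9]*\] \[UFW .*\])"
re_NIC = r" (IN=.* OUT=.*)"
# Two nested groups inside the MAC field, so the fields after it are
# groups 8 (SRC/DST), 9 (LEN/TOS/...) and 10 (PROTO/SPT/DPT).
re_MAC = r" (MAC=(([a-fA-F0-9]{2}[:|\-]?)?){14})"
re_IP = r" (SRC=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} DST=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})"
re_OTHER = r" (LEN=[0-9]* TOS=.* PREC=.* TTL=[0-9]* ID=[0-9]*.*)"
re_INFO = r" (PROTO=.* SPT=[0-9]* DPT=[0-9]*)"
re_END = r" (.*)"
# Compiled pattern: group 1 is the timestamp, 8 the SRC/DST pair,
# 10 the PROTO/SPT/DPT fields (re_END is defined but not part of it).
p = re.compile(re_DATE + re_HOST + re_UFW + re_NIC + re_MAC + re_IP + re_OTHER + re_INFO)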
#-------------------------------------------------------------------------------- | |
# What to do when file is modified. | |
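class EventHandler(pyinotify.ProcessEvent):
    """React to modifications of the firewall log by showing a notification.

    ``process_IN_MODIFY`` is invoked for IN_MODIFY events on the watched
    path. It re-reads the last log line with ``tail`` and, when that line is
    a UFW BLOCK entry that fits the expected layout, pops up a libnotify
    notification with the timestamp, addresses and ports.
    """

    def process_IN_MODIFY(self, event):
        """Handle one IN_MODIFY event on the watched log file.

        Args:
            event: the pyinotify event (unused; the path is the module-level
                ``logfile``, so the command line below contains no user input).
        """
        # Last line of the log, via 'tail'. Only one line is read, so when
        # several lines are appended in a single write only the newest is seen.
        out = commands.getoutput("tail -n 1 " + logfile)
        # Only blocked connections are of interest.
        if "BLOCK" not in out:
            return
        m = p.match(out)
        if m is None:
            # A BLOCK line that does not fit the field layout of the pattern.
            # Previously m.group() was called unconditionally, raising
            # AttributeError out of the handler; skip the line instead.
            return
        date = m.group(1)
        ip = m.group(8)      # "SRC=... DST=..."
        ports = m.group(10)  # "PROTO=... SPT=... DPT=..."
        message = date + " \n" + ip + " \n" + ports
        # Show the notification.
        pynotify.init("Connection Blocked")
        notification = pynotify.Notification("Connection Blocked!", message)
        notification.show()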
#-------------------------------------------------------------------------------- | |
# The watch manager stores the watches and provides operations on watches | |
wm = pyinotify.WatchManager()
# Handler whose process_IN_MODIFY method runs for each modification event.
handler = EventHandler()
notifier = pyinotify.Notifier(wm, handler)
# Internally, 'handler' is a callable object which on new events will be called like this: handler(new_event)
# Watched event: only modifications of the log file.
mask = pyinotify.IN_MODIFY
# Start watching a path. rec=False because logfile is a single file, not a directory tree.
# NOTE(review): the watch is added once, at startup, for this path; if the log is
# rotated (renamed and recreated) it is not clear from here whether events for the
# new file are still delivered — confirm against pyinotify's behaviour before relying on it.
wdd = wm.add_watch(logfile, mask, rec=False)
# Loop while not SIGINT received. This call blocks; nothing after it runs until the loop ends.
notifier.loop()