@mvmthecreator
Created August 21, 2018 01:57
#!/usr/bin/python
# Petrus Alexandre Pavoni Gomes
# petrusgomes@gmail.com
#
# 25/09/2010
#
# UFW-Notify v0.2:
# Show a notification popup (libnotify) when UFW Firewall blocks a connection.
# It reads the last line from the firewall log with the "tail" command, parses it and shows the popup.
# **My first Python script and just a draft for the idea. A little ugly yet.
#
# =LICENSE=
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3 as
# published by the Free Software Foundation. Without any
# sort of warranty.
# =END LICENSE=
############################################################################
import re # regular expressions
import commands # linux commands
import pynotify # notifications
import pyinotify # file watcher
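# Path of the firewall log. It is a fixed constant; the handler builds a
# shell command from it, so it must never be replaced by untrusted input.
logfile = "/var/log/ufw.log"
# Regular expressions for the log fields. They are concatenated in order
# below, and every fragment except the first begins with the single space
# that separates it from the previous field, so the spacing is significant.
# Raw strings keep the backslashes intact (non-raw "\[" / "\." only work by
# accident and are flagged by newer interpreters).
# Syslog timestamp, e.g. "Sep 25 10:11:12" or "Sep  5 10:11:12". The day is
# 1-2 digits, possibly space-padded; [0-9] (not [1-9]) so that the 10th,
# 20th and 30th of a month also match.
re_DATE = r"([A-Z][a-z]{2} {1,2}[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2})"
# Host name up to and including the "kernel:" tag
re_HOST = r" (.* kernel:)"
# Kernel uptime stamp "[ 1234.567890]" followed by the "[UFW ...]" action tag
re_UFW = r" (\[[ ]*?[0-9]*\.[0-9]*\] \[UFW .*\])"
re_NIC = r" (IN=.* OUT=.*)"
# Up to 14 hex octets separated by ':' or '-' (the class no longer lists a
# literal '|', which the old pattern matched by mistake)
re_MAC = r" (MAC=(([a-fA-F0-9]{2}[:\-]?)?){14})"
re_IP = (r" (SRC=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"
         r" DST=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})")
re_OTHER = r" (LEN=[0-9]* TOS=.* PREC=.* TTL=[0-9]* ID=[0-9]*.*)"
re_INFO = r" (PROTO=.* SPT=[0-9]* DPT=[0-9]*)"
# Defined for completeness; not part of the compiled pattern below
re_END = r" (.*)"
# Compiled pattern. Capture group numbers relied on by the event handler:
# 1 = date, 8 = "SRC=... DST=...", 10 = "PROTO=... SPT=... DPT=...".
# (Groups 5-7 are the nested MAC groups, which is why SRC/DST is group 8.)
p = re.compile(re_DATE + re_HOST + re_UFW + re_NIC + re_MAC + re_IP + re_OTHER + re_INFO)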
#--------------------------------------------------------------------------------
# What to do when file is modified.
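class EventHandler(pyinotify.ProcessEvent):
    """Turn a modification of the UFW log into a desktop notification.

    pyinotify invokes ``process_IN_MODIFY`` for every IN_MODIFY event on the
    watched path; the handler then re-reads only the last line of the
    module-level ``logfile`` and reports it if it records a blocked connection.
    """

    def process_IN_MODIFY(self, event):
        """Show a popup for the last log line when it is a UFW BLOCK entry.

        Args:
            event: the pyinotify event that triggered the call. It is not
                inspected; the path comes from the module-level ``logfile``.
        """
        # Last line of the log, via 'tail'. The command string is built from
        # the constant logfile only, so there is nothing untrusted in it.
        # Only the final line is inspected: if several lines are appended in
        # one burst, only the last one produces a popup.
        out = commands.getoutput("tail -n 1 " + logfile)
        # Nothing to report unless the firewall blocked a connection
        if "BLOCK" not in out:
            return
        m = p.match(out)
        if m is None:
            # Line does not follow the expected kernel/UFW layout (e.g. a
            # different timestamp format). Fall back to the raw line instead
            # of raising inside notifier.loop(), which would stop the watcher.
            message = out
        else:
            date = m.group(1)
            ip = m.group(8)      # "SRC=... DST=..."
            ports = m.group(10)  # "PROTO=... SPT=... DPT=..."
            message = date + " \n" + ip + " \n" + ports
        # Show the notification
        pynotify.init("Connection Blocked")
        notification = pynotify.Notification("Connection Blocked!", message)
        notification.show()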
#--------------------------------------------------------------------------------
# The watch manager stores the watches and provides operations on watches
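wm = pyinotify.WatchManager()
handler = EventHandler()
# 'handler' is a callable object; on each new event pyinotify calls handler(new_event)
notifier = pyinotify.Notifier(wm, handler)
# Watched event: the log only grows by appending, so modifications suffice
mask = pyinotify.IN_MODIFY
# Start watching the log file itself (rec=False: no directory recursion).
# add_watch() returns {path: wd}; a negative wd means the watch was not
# installed (file missing or unreadable), in which case the loop below would
# idle forever without ever showing a popup, so fail loudly instead.
wdd = wm.add_watch(logfile, mask, rec=False)
if wdd.get(logfile, -1) < 0:
    raise SystemExit("cannot watch " + logfile + " (missing or not readable?)")
# NOTE(review): the watch is tied to the file as it exists now; after log
# rotation replaces it, events are presumably no longer delivered until the
# script is restarted -- confirm before relying on it long-term.
# Loop until SIGINT is received
notifier.loop()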