tejasri-v/#cs1004_Lab10.txt Secret

## #cs1004_Lab10.txt
For this problem you will write a java program called Fail2Ban. This program will take two command line arguments: the name of a single log file (such as the one attached to this assignment) and the name of an output file.

You will read each line of the program in, extract the IP address from the line and determine whether the line is a failed login attempt or valid login attempt.

Look through the logs_processed.txt file. It follows a fairly clear format and indicates “Invalid” whenever a bad attempt is made. Once you identify the invalid line, the IP address should always be in the same position. Make use of String’s split method to parse the lines.

Keep track of the number of times a particular IP address fails to login.

Your program should then open the output file and print a list of IP addresses to that fail 3 or more times.

A sample command line execution of this file might look like this:

$ java Fail2Ban logs_processed.txt output.txt

The list of IP addresses that have failed 3 or more times should appear in the output.txt file.

You are provided with an empty Fail2Ban.java file to fill in your solution to the assignment.


## Fail2Ban.java
import java.util.ArrayList;
import java.util.Scanner;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.PrintWriter;

public class Fail2Ban{

    public static void main(String[] args) throws FileNotFoundException{

        String inputName = args[0]; // saves user input as a string
        PrintWriter out = new PrintWriter( args[1] ); // uses second user input to create an output file

        File input = new File(inputName); // initializes a new file
        Scanner in = new Scanner(input);

        ArrayList<String> ipAd = new ArrayList<String>(); // saves all of the ip addressee that have faiced (including repeats)

        while(in.hasNextLine()){

            String[] s = in.nextLine().split(" "); // split each line by spaces
            String ipCheck = s[5].toLowerCase(); // sixth item is always either "invalid" or "accepted"
            if(ipCheck.contains("invalid")){ // if it is invalid

                String ip = s[9]; // s[9] is the location of the ip address
                ipAd.add(ip); // store the ip address in the arrayList of ip addresses


            }

        }


        ArrayList<String> failedThreeTimes = new ArrayList<String>(); // creates a new arrayList that will oonly store the addresses that occur 3 or more times
        int count = 0; // counts how many times an ip address occurs

        for(String s : ipAd){ // nested for loop to compare one item from all of the other items


            for(String r : ipAd){

                if(s == r){ // if there is a repeat

                    count++; // increase the count

                }


            }

            if(count >= 3){ // if the count is greater than 3

                if(!failedThreeTimes.contains(s)){ // and the ip is not already in the arrayList

                    failedThreeTimes.add(s); // add the ip to the list

                }

            }


        }

        for(String s : failedThreeTimes){

            out.println(s); // prints each item in the arrayList into the output file

        }

        out.close(); // closee the output file

    }

}

## logs_processed.txt
Apr 12 13:07:59 fembot sshd[22146]: Accepted publickey for pblaer from 108.14.56.33 port 58518 ssh2
Apr 12 13:08:17 fembot sshd[22457]: Accepted publickey for pblaer from 108.14.56.33 port 58519 ssh2
Apr 12 13:08:20 fembot sshd[22706]: Accepted publickey for pblaer from 108.14.56.33 port 58520 ssh2
Apr 12 13:19:00 fembot sshd[22978]: Accepted publickey for pblaer from 108.14.56.33 port 58532 ssh2
Apr 12 14:06:54 fembot sshd[23396]: Invalid user admin from 37.72.179.246
Apr 12 14:07:14 fembot sshd[23404]: Invalid user admin from 37.72.179.246
Apr 12 14:07:43 fembot sshd[23408]: Invalid user ftpuser from 37.72.179.246
Apr 12 14:07:57 fembot sshd[23419]: Invalid user PlcmSpIp from 37.72.179.246
Apr 12 14:08:12 fembot sshd[23421]: Invalid user pi from 37.72.179.246
Apr 12 21:10:58 fembot sshd[24195]: Invalid user ubnt from 222.186.3.84
Apr 12 22:51:58 fembot sshd[24358]: Invalid user info from 121.240.209.150
Apr 12 23:00:43 fembot sshd[24540]: Invalid user direccion from 182.18.172.66
Apr 12 23:03:47 fembot sshd[24715]: Invalid user ubnt from 121.240.209.150
Apr 12 23:09:28 fembot sshd[25059]: Invalid user simon from 182.18.172.66
Apr 12 23:09:30 fembot sshd[25061]: Invalid user server from 182.18.172.66
Apr 12 23:09:32 fembot sshd[25063]: Invalid user linux from 182.18.172.66
Apr 12 23:09:34 fembot sshd[25065]: Invalid user info from 182.18.172.66
Apr 12 23:09:38 fembot sshd[25069]: Invalid user operator from 182.18.172.66
Apr 12 23:09:40 fembot sshd[25071]: Invalid user guest from 182.18.172.66
Apr 12 23:09:42 fembot sshd[25073]: Invalid user webadmin from 182.18.172.66
Apr 12 23:09:44 fembot sshd[25075]: Invalid user user from 182.18.172.66
Apr 12 23:09:47 fembot sshd[25077]: Invalid user user from 182.18.172.66
Apr 12 23:09:49 fembot sshd[25079]: Invalid user ftp from 182.18.172.66
Apr 12 23:09:51 fembot sshd[25081]: Invalid user oracle from 182.18.172.66
Apr 12 23:09:53 fembot sshd[25083]: Invalid user oracle from 182.18.172.66
Apr 12 23:09:55 fembot sshd[25085]: Invalid user test from 182.18.172.66
Apr 12 23:09:57 fembot sshd[25087]: Invalid user soporte from 182.18.172.66
Apr 12 23:09:59 fembot sshd[25089]: Invalid user postgres from 182.18.172.66
Apr 12 23:10:01 fembot sshd[25091]: Invalid user henry from 182.18.172.66
Apr 12 23:10:03 fembot sshd[25093]: Invalid user admin from 182.18.172.66
Apr 12 23:10:06 fembot sshd[25095]: Invalid user test from 182.18.172.66
Apr 13 16:51:34 fembot sshd[28775]: Invalid user zhangyan from 211.101.24.200
Apr 13 16:51:41 fembot sshd[28777]: Invalid user dff from 211.101.24.200
Apr 13 17:14:29 fembot sshd[28844]: Invalid user Bobo from 61.147.107.109
Apr 13 23:01:40 fembot sshd[30417]: Accepted publickey for pblaer from 108.14.56.33 port 60047 ssh2
Apr 14 05:10:16 fembot sshd[31623]: Invalid user ubnt from 61.160.221.232
Apr 14 11:55:33 fembot sshd[4361]: Invalid user test from 31.184.194.115
Apr 14 16:36:04 fembot sshd[8676]: Invalid user NONE from 95.110.213.46
Apr 14 16:36:05 fembot sshd[8678]: Invalid user user from 95.110.213.46
Apr 14 16:36:08 fembot sshd[8682]: Invalid user service from 95.110.213.46
Apr 14 16:36:09 fembot sshd[8684]: Invalid user oracle from 95.110.213.46
Apr 14 16:36:11 fembot sshd[8686]: Invalid user guest from 95.110.213.46
Apr 14 16:36:12 fembot sshd[8688]: Invalid user postmaster from 95.110.213.46
Apr 14 16:36:13 fembot sshd[8690]: Invalid user perforce from 95.110.213.46
Apr 14 16:36:15 fembot sshd[8692]: Invalid user postgres from 95.110.213.46
Apr 14 16:36:16 fembot sshd[8694]: Invalid user oracle from 95.110.213.46
Apr 14 16:36:18 fembot sshd[8696]: Invalid user master from 95.110.213.46
Apr 14 16:36:20 fembot sshd[8698]: Invalid user guest from 95.110.213.46
Apr 14 16:36:21 fembot sshd[8700]: Invalid user test1 from 95.110.213.46
Apr 14 16:36:22 fembot sshd[8702]: Invalid user dima from 95.110.213.46
Apr 14 16:36:24 fembot sshd[8704]: Invalid user dima from 95.110.213.46
Apr 14 16:36:25 fembot sshd[8706]: Invalid user dima from 95.110.213.46
Apr 14 16:36:26 fembot sshd[8708]: Invalid user dima from 95.110.213.46
Apr 14 16:36:28 fembot sshd[8710]: Invalid user dima from 95.110.213.46
Apr 14 16:36:29 fembot sshd[8714]: Invalid user dima from 95.110.213.46
Apr 14 16:36:30 fembot sshd[8716]: Invalid user dima from 95.110.213.46
Apr 14 16:36:31 fembot sshd[8718]: Invalid user jp from 95.110.213.46
Apr 14 16:36:33 fembot sshd[8720]: Invalid user jp from 95.110.213.46
Apr 14 16:36:34 fembot sshd[8722]: Invalid user jp from 95.110.213.46
Apr 14 16:36:36 fembot sshd[8724]: Invalid user jp from 95.110.213.46
Apr 14 16:36:38 fembot sshd[8726]: Invalid user jp from 95.110.213.46
Apr 14 16:36:39 fembot sshd[8728]: Invalid user jp from 95.110.213.46
Apr 14 19:33:04 fembot sshd[9837]: Accepted publickey for pblaer from 108.14.56.33 port 62384 ssh2
Apr 14 22:53:58 fembot sshd[10764]: Invalid user test from 31.184.194.115
Apr 14 23:09:56 fembot sshd[10800]: Invalid user ubnt from 104.149.88.208
Apr 14 23:53:12 fembot sshd[10904]: Accepted publickey for pblaer from 108.14.56.33 port 64052 ssh2
Apr 14 23:55:23 fembot sshd[11282]: Invalid user ubnt from 118.26.131.18
Apr 15 08:11:15 fembot sshd[13131]: Accepted publickey for pblaer from 108.14.56.33 port 64536 ssh2
Apr 15 08:15:05 fembot sshd[13484]: Accepted publickey for pblaer from 108.14.56.33 port 64540 ssh2
Apr 15 08:15:08 fembot sshd[13628]: Accepted publickey for pblaer from 108.14.56.33 port 64541 ssh2
Apr 15 10:19:02 fembot sshd[13967]: Invalid user scan from 31.184.194.115
Apr 15 14:08:36 fembot sshd[14984]: Invalid user admin from 173.243.112.152
Apr 15 14:22:51 fembot sshd[15298]: Invalid user ubnt from 61.160.215.26

## outputs.txt
37.72.179.246
222.186.3.84
121.240.209.150
182.18.172.66
211.101.24.200
61.147.107.109
61.160.221.232
31.184.194.115
95.110.213.46
104.149.88.208
118.26.131.18
173.243.112.152
61.160.215.26
	For this problem you will write a java program called Fail2Ban. This program will take two command line arguments: the name of a single log file (such as the one attached to this assignment) and the name of an output file.

	You will read each line of the program in, extract the IP address from the line and determine whether the line is a failed login attempt or valid login attempt.

	Look through the logs_processed.txt file. It follows a fairly clear format and indicates “Invalid” whenever a bad attempt is made. Once you identify the invalid line, the IP address should always be in the same position. Make use of String’s split method to parse the lines.

	Keep track of the number of times a particular IP address fails to login.

	Your program should then open the output file and print a list of IP addresses to that fail 3 or more times.

	A sample command line execution of this file might look like this:

	$ java Fail2Ban logs_processed.txt output.txt

	The list of IP addresses that have failed 3 or more times should appear in the output.txt file.

	You are provided with an empty Fail2Ban.java file to fill in your solution to the assignment.
	import java.util.ArrayList;
	import java.util.Scanner;
	import java.io.File;
	import java.io.FileNotFoundException;
	import java.io.PrintWriter;

	public class Fail2Ban{

	public static void main(String[] args) throws FileNotFoundException{

	String inputName = args[0]; // saves user input as a string
	PrintWriter out = new PrintWriter( args[1] ); // uses second user input to create an output file

	File input = new File(inputName); // initializes a new file
	Scanner in = new Scanner(input);

	ArrayList<String> ipAd = new ArrayList<String>(); // saves all of the ip addressee that have faiced (including repeats)

	while(in.hasNextLine()){

	String[] s = in.nextLine().split(" "); // split each line by spaces
	String ipCheck = s[5].toLowerCase(); // sixth item is always either "invalid" or "accepted"
	if(ipCheck.contains("invalid")){ // if it is invalid

	String ip = s[9]; // s[9] is the location of the ip address
	ipAd.add(ip); // store the ip address in the arrayList of ip addresses


	}

	}


	ArrayList<String> failedThreeTimes = new ArrayList<String>(); // creates a new arrayList that will oonly store the addresses that occur 3 or more times
	int count = 0; // counts how many times an ip address occurs

	for(String s : ipAd){ // nested for loop to compare one item from all of the other items


	for(String r : ipAd){

	if(s == r){ // if there is a repeat

	count++; // increase the count

	}


	}

	if(count >= 3){ // if the count is greater than 3

	if(!failedThreeTimes.contains(s)){ // and the ip is not already in the arrayList

	failedThreeTimes.add(s); // add the ip to the list

	}

	}


	}

	for(String s : failedThreeTimes){

	out.println(s); // prints each item in the arrayList into the output file

	}

	out.close(); // closee the output file

	}

	}
	Apr 12 13:07:59 fembot sshd[22146]: Accepted publickey for pblaer from 108.14.56.33 port 58518 ssh2
	Apr 12 13:08:17 fembot sshd[22457]: Accepted publickey for pblaer from 108.14.56.33 port 58519 ssh2
	Apr 12 13:08:20 fembot sshd[22706]: Accepted publickey for pblaer from 108.14.56.33 port 58520 ssh2
	Apr 12 13:19:00 fembot sshd[22978]: Accepted publickey for pblaer from 108.14.56.33 port 58532 ssh2
	Apr 12 14:06:54 fembot sshd[23396]: Invalid user admin from 37.72.179.246
	Apr 12 14:07:14 fembot sshd[23404]: Invalid user admin from 37.72.179.246
	Apr 12 14:07:43 fembot sshd[23408]: Invalid user ftpuser from 37.72.179.246
	Apr 12 14:07:57 fembot sshd[23419]: Invalid user PlcmSpIp from 37.72.179.246
	Apr 12 14:08:12 fembot sshd[23421]: Invalid user pi from 37.72.179.246
	Apr 12 21:10:58 fembot sshd[24195]: Invalid user ubnt from 222.186.3.84
	Apr 12 22:51:58 fembot sshd[24358]: Invalid user info from 121.240.209.150
	Apr 12 23:00:43 fembot sshd[24540]: Invalid user direccion from 182.18.172.66
	Apr 12 23:03:47 fembot sshd[24715]: Invalid user ubnt from 121.240.209.150
	Apr 12 23:09:28 fembot sshd[25059]: Invalid user simon from 182.18.172.66
	Apr 12 23:09:30 fembot sshd[25061]: Invalid user server from 182.18.172.66
	Apr 12 23:09:32 fembot sshd[25063]: Invalid user linux from 182.18.172.66
	Apr 12 23:09:34 fembot sshd[25065]: Invalid user info from 182.18.172.66
	Apr 12 23:09:38 fembot sshd[25069]: Invalid user operator from 182.18.172.66
	Apr 12 23:09:40 fembot sshd[25071]: Invalid user guest from 182.18.172.66
	Apr 12 23:09:42 fembot sshd[25073]: Invalid user webadmin from 182.18.172.66
	Apr 12 23:09:44 fembot sshd[25075]: Invalid user user from 182.18.172.66
	Apr 12 23:09:47 fembot sshd[25077]: Invalid user user from 182.18.172.66
	Apr 12 23:09:49 fembot sshd[25079]: Invalid user ftp from 182.18.172.66
	Apr 12 23:09:51 fembot sshd[25081]: Invalid user oracle from 182.18.172.66
	Apr 12 23:09:53 fembot sshd[25083]: Invalid user oracle from 182.18.172.66
	Apr 12 23:09:55 fembot sshd[25085]: Invalid user test from 182.18.172.66
	Apr 12 23:09:57 fembot sshd[25087]: Invalid user soporte from 182.18.172.66
	Apr 12 23:09:59 fembot sshd[25089]: Invalid user postgres from 182.18.172.66
	Apr 12 23:10:01 fembot sshd[25091]: Invalid user henry from 182.18.172.66
	Apr 12 23:10:03 fembot sshd[25093]: Invalid user admin from 182.18.172.66
	Apr 12 23:10:06 fembot sshd[25095]: Invalid user test from 182.18.172.66
	Apr 13 16:51:34 fembot sshd[28775]: Invalid user zhangyan from 211.101.24.200
	Apr 13 16:51:41 fembot sshd[28777]: Invalid user dff from 211.101.24.200
	Apr 13 17:14:29 fembot sshd[28844]: Invalid user Bobo from 61.147.107.109
	Apr 13 23:01:40 fembot sshd[30417]: Accepted publickey for pblaer from 108.14.56.33 port 60047 ssh2
	Apr 14 05:10:16 fembot sshd[31623]: Invalid user ubnt from 61.160.221.232
	Apr 14 11:55:33 fembot sshd[4361]: Invalid user test from 31.184.194.115
	Apr 14 16:36:04 fembot sshd[8676]: Invalid user NONE from 95.110.213.46
	Apr 14 16:36:05 fembot sshd[8678]: Invalid user user from 95.110.213.46
	Apr 14 16:36:08 fembot sshd[8682]: Invalid user service from 95.110.213.46
	Apr 14 16:36:09 fembot sshd[8684]: Invalid user oracle from 95.110.213.46
	Apr 14 16:36:11 fembot sshd[8686]: Invalid user guest from 95.110.213.46
	Apr 14 16:36:12 fembot sshd[8688]: Invalid user postmaster from 95.110.213.46
	Apr 14 16:36:13 fembot sshd[8690]: Invalid user perforce from 95.110.213.46
	Apr 14 16:36:15 fembot sshd[8692]: Invalid user postgres from 95.110.213.46
	Apr 14 16:36:16 fembot sshd[8694]: Invalid user oracle from 95.110.213.46
	Apr 14 16:36:18 fembot sshd[8696]: Invalid user master from 95.110.213.46
	Apr 14 16:36:20 fembot sshd[8698]: Invalid user guest from 95.110.213.46
	Apr 14 16:36:21 fembot sshd[8700]: Invalid user test1 from 95.110.213.46
	Apr 14 16:36:22 fembot sshd[8702]: Invalid user dima from 95.110.213.46
	Apr 14 16:36:24 fembot sshd[8704]: Invalid user dima from 95.110.213.46
	Apr 14 16:36:25 fembot sshd[8706]: Invalid user dima from 95.110.213.46
	Apr 14 16:36:26 fembot sshd[8708]: Invalid user dima from 95.110.213.46
	Apr 14 16:36:28 fembot sshd[8710]: Invalid user dima from 95.110.213.46
	Apr 14 16:36:29 fembot sshd[8714]: Invalid user dima from 95.110.213.46
	Apr 14 16:36:30 fembot sshd[8716]: Invalid user dima from 95.110.213.46
	Apr 14 16:36:31 fembot sshd[8718]: Invalid user jp from 95.110.213.46
	Apr 14 16:36:33 fembot sshd[8720]: Invalid user jp from 95.110.213.46
	Apr 14 16:36:34 fembot sshd[8722]: Invalid user jp from 95.110.213.46
	Apr 14 16:36:36 fembot sshd[8724]: Invalid user jp from 95.110.213.46
	Apr 14 16:36:38 fembot sshd[8726]: Invalid user jp from 95.110.213.46
	Apr 14 16:36:39 fembot sshd[8728]: Invalid user jp from 95.110.213.46
	Apr 14 19:33:04 fembot sshd[9837]: Accepted publickey for pblaer from 108.14.56.33 port 62384 ssh2
	Apr 14 22:53:58 fembot sshd[10764]: Invalid user test from 31.184.194.115
	Apr 14 23:09:56 fembot sshd[10800]: Invalid user ubnt from 104.149.88.208
	Apr 14 23:53:12 fembot sshd[10904]: Accepted publickey for pblaer from 108.14.56.33 port 64052 ssh2
	Apr 14 23:55:23 fembot sshd[11282]: Invalid user ubnt from 118.26.131.18
	Apr 15 08:11:15 fembot sshd[13131]: Accepted publickey for pblaer from 108.14.56.33 port 64536 ssh2
	Apr 15 08:15:05 fembot sshd[13484]: Accepted publickey for pblaer from 108.14.56.33 port 64540 ssh2
	Apr 15 08:15:08 fembot sshd[13628]: Accepted publickey for pblaer from 108.14.56.33 port 64541 ssh2
	Apr 15 10:19:02 fembot sshd[13967]: Invalid user scan from 31.184.194.115
	Apr 15 14:08:36 fembot sshd[14984]: Invalid user admin from 173.243.112.152
	Apr 15 14:22:51 fembot sshd[15298]: Invalid user ubnt from 61.160.215.26
	37.72.179.246
	222.186.3.84
	121.240.209.150
	182.18.172.66
	211.101.24.200
	61.147.107.109
	61.160.221.232
	31.184.194.115
	95.110.213.46
	104.149.88.208
	118.26.131.18
	173.243.112.152
	61.160.215.26