Created
July 11, 2023 19:49
-
-
Save vamega/47aab1041469d8d560d9868f01a0b248 to your computer and use it in GitHub Desktop.
SSHGuard Blacklist Merge
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
"""SSHGuard Blacklist Merger | |
This script takes a list of SSHGuard blacklist files as arguments, and | |
outputs an SSHGuard blacklist file that is the merger of all of them. | |
The timestamp of the last seen value in the merged output is the last time | |
an entry was seen in any of the input files. An entry is the unique by | |
ip address, ip protocol version and SSHGuard service type. | |
Example usage: | |
sshguard-blacklist-merge.py host1.db host2.db > merged.db | |
""" | |
import sys | |
from collections import namedtuple | |
Entry = namedtuple('Entry', ['ts', 'line']) | |
merged = {} | |
for db in sys.argv[1:]: | |
with open(db, 'r') as f: | |
for line in f: | |
ts, _, rest = line.partition("|") | |
if rest not in merged or ts > merged[rest].ts: | |
merged[rest] = Entry(ts, line) | |
for ts, line in sorted(merged.values()): | |
print(line, end="") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment