Last active
March 30, 2019 16:10
Find IP addresses in the logs that do not belong to the server administrator or users. (Reads journalctl by default, or takes a command as input in the form: [python unknown-ips.py 'cat /var/log/auth.log'], or any other command that prints text.)
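#!/usr/bin/env python
"""HDME - 19/12/2018

List IPv4 addresses that occur in a log stream but never show up as a login
source in the output of `last`, together with how often each one occurs.

Usage:
    python unknown-ips.py                           # scans `journalctl`
    python unknown-ips.py 'cat /var/log/auth.log'   # scans that command's output

Things to keep in mind when reading the report:
  * argv[1] is run through the shell exactly as given. It must come from the
    operator; never fill it from a web form, a ticket or any other input
    that someone else controls.
  * An address counts as "known" as soon as `last` lists a login from it.
    A login made with stolen credentials is therefore filtered out as well:
    the report shows addresses that never logged in, not proof that every
    login was legitimate.
  * Every IPv4-looking token on every log line is counted, wherever it sits
    on the line, including fields whose text is chosen by the remote side.
    IPv6 addresses are not matched at all.
  * `last` can only report what its login records still hold, and it may
    print a host name instead of an address; in both cases a legitimate
    address can end up in the "unknown" list.
"""
import os
import re
import subprocess
import sys

# Dotted-quad IPv4 with every octet limited to 0-255. The word boundaries keep
# the pattern from matching inside a longer run of digits. Matching is done
# here instead of by appending "| grep" to the operator's command, so a
# compound command such as 'cat a; cat b' is filtered as a whole.
IPV4_RE = re.compile(
    br"\b(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
    br"(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\b"
)


def extract_ipv4(raw_line):
    """Return every IPv4 address found in *raw_line* (bytes), in order."""
    # Matches consist of digits and dots only, so ASCII decoding cannot fail
    # even when the rest of the line is not valid text.
    return [hit.decode("ascii") for hit in IPV4_RE.findall(raw_line)]


def scan_command(command):
    """Run *command* through the shell and yield each IPv4 address it prints.

    The output is read line by line as bytes, so a large journal is never
    held in memory and undecodable bytes in a log line are harmless.
    """
    # shell=True is deliberate: the argument is documented as a shell command
    # line typed by the operator (see the module docstring).
    proc = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)
    try:
        for raw_line in proc.stdout:
            for ip in extract_ipv4(raw_line):
                yield ip
    finally:
        proc.stdout.close()
        status = proc.wait()
        if status != 0:
            # An empty report must not be mistaken for "nothing found" when
            # the log source could not be read (missing file, no permission).
            sys.stderr.write(
                "warning: log command exited with status %d; "
                "the report may be incomplete\n" % status
            )


def login_sources(last_lines):
    """Return the set of third-column values from `last` output lines.

    `reboot` pseudo-entries and lines with fewer than three fields (blank
    lines, short trailers) are skipped instead of raising IndexError.
    """
    known = set()
    for line in last_lines:
        fields = line.split()
        if len(fields) >= 3 and fields[0] != 'reboot':
            known.add(fields[2])
    return known


def tally_unknown(ips, known):
    """Count the addresses in *ips* that are absent from *known*.

    Returns a list of (address, count) pairs in first-seen order.
    """
    counts = {}
    first_seen = []
    for ip in ips:
        if ip in known:
            continue
        if ip not in counts:
            counts[ip] = 0
            first_seen.append(ip)
        counts[ip] += 1
    return [(ip, counts[ip]) for ip in first_seen]


def main(argv):
    """Print one `unknown-IP = <address> ~ <count>` line per unknown address."""
    print("begin")
    command = argv[1] if len(argv) > 1 else 'journalctl'
    known = login_sources(os.popen('last').read().splitlines())
    for ip, hits in tally_unknown(scan_command(command), known):
        print("unknown-IP = " + ip + ' ~ ' + str(hits))
    print("end")


if __name__ == "__main__":
    main(sys.argv)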