
Added Username detection rather than msg

  Now we catch bad_users rather than a msg about a banned username.
david há 4 anos atrás
pai
commit
9a9d5921c9
2 ficheiros alterados com 32 adições e 15 exclusões
  1. 8 0
      config.py
  2. 24 15
      failUser.py

+ 8 - 0
config.py

@@ -44,6 +44,14 @@ def load_config():
             "block_time": 4,
             # Last unblock
             "last_unblock": now,
+            # List of bad users to detect and block
+            "bad_users": [
+                "root",
+                "postgres",
+                "mysql",
+                "apache",
+                "nginx",
+            ],
         }
         save_config(defaults)
         return defaults
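Review bot: The new `bad_users` key is only written in the branch that builds and saves `defaults`, so a config file saved before this commit would presumably load without it. failUser.py reads `myConfig["bad_users"]` at import time, which would then raise KeyError and leave the watcher not running at all. The rest of load_config is outside this hunk, so confirm whether a loaded config is merged with the defaults; if it is not, fill in missing keys on load rather than only on first creation. A comment on the list such as `# compared exactly (case-sensitive) against the "username" field of each log entry` would also help whoever edits it.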

+ 24 - 15
failUser.py

@@ -16,8 +16,11 @@ from config import log, load_config, save_config, add_block, rm_block, check_blo
 myConfig = load_config()
 
 myfile = myConfig["target"]
-TARGET = open(myfile, 'r')
-TARGET.seek(0,2)
+last_run = myConfig["last_unblock"]
+bad_users = myConfig["bad_users"]
+
+target = open(myfile, 'r')
+target.seek(0,2)
 
 WM = WatchManager()
 dirmask = IN_MODIFY | IN_DELETE | IN_MOVE_SELF | IN_CREATE
@@ -38,7 +41,8 @@ def is_bad(line):
     if line: # Do we actually have something?
         try:
             j = loads(line)
-            if j["msg"] == "Attempt to login with banned username":
+            #if j["msg"] == "Attempt to login with banned username":
+            if j["username"] in bad_users:
                 r = {}
                 r["ip"] = "{0}".format(j["ip"][7:])
                 r["time"] = j["time"]
@@ -60,8 +64,8 @@ class EventHandler(ProcessEvent):
         if myfile not in join(event.path, event.name):
             return
         else:
-            #luser = is_bad(TARGET.readline().rstrip())
-            for line in TARGET.readlines():
+            #luser = is_bad(target.readline().rstrip())
+            for line in target.readlines():
                 luser = is_bad(line.rstrip())
                 if(luser):
                     blocker(luser["ip"])
@@ -74,32 +78,31 @@ class EventHandler(ProcessEvent):
         log.debug("Log file moved... continuing read on stale log!")
 
     def process_IN_CREATE(self, event):
-        global TARGET
+        global target
         if myfile in join(event.path, event.name):
-            TARGET.close()
-            TARGET = open(myfile, 'r')
+            target.close()
+            target = open(myfile, 'r')
             log.debug("Log file created... Catching up!")
-            for line in TARGET.readlines():
+            for line in target.readlines():
                 luser = is_bad(line.rstrip())
                 if(luser):
                     blocker(luser["ip"])
                     now = pendulum.now().to_atom_string()
                     log.info("Blocked {0} at {1}".format(luser["ip"], now))
                     add_block(luser["ip"], now)
-            TARGET.seek(0,2)
+            target.seek(0,2)
         return
 
 notifier = Notifier(WM, EventHandler())
 index = myfile.rfind("/")
 WM.add_watch(myfile[:index], dirmask)
+last = pendulum.parse(last_run)
 
 while True:
     try:
         now = pendulum.now()
-        last = pendulum.parse(myConfig["last_unblock"])
         if now.diff(last).in_hours() > 1:
-            myConfig["last_unblock"] = now.to_atom_string()
-            save_config(myConfig)
+            last = now
             checkup()
         notifier.process_events()
         if notifier.check_events():
@@ -107,6 +110,12 @@ while True:
     except KeyboardInterrupt:
         break
 
+# Issue stop on event system
 notifier.stop()
-TARGET.close()
-sys.exit(0)
+target.close()
+
+# Update config
+myConfig["last_unblock"] = last.to_atom_string()
+save_config(myConfig)
+
+exit(0)
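Review bot: In is_bad, `j["username"]` is indexed directly, so a log entry without a `username` field raises KeyError inside the try; the except clause is outside the hunk, so it is unclear whether that is swallowed or stops the watcher. `if j.get("username") in bad_users:` treats such lines as a plain non-match, and the commented-out `j["msg"]` test above it can be deleted rather than kept. Separately, in the last hunk `last_unblock` is now saved only after the KeyboardInterrupt break, so an unhandled exception or a SIGTERM from a service manager never persists it and the next start resumes from a stale timestamp. Moving `save_config(myConfig)` into a `finally:` around the loop would cover the exception paths, while SIGTERM would additionally need a signal handler.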