david
/
failUser


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596
							#!/usr/bin/env python3
from json import loads, dumps
from json.decoder import JSONDecodeError
import pendulum
from subprocess import run, PIPE
from os.path import exists, join
from pyinotify import WatchManager, Notifier, ProcessEvent
from pyinotify import IN_MODIFY, IN_DELETE, IN_MOVE_SELF, IN_CREATE
import sys

# Branch off the logging into a seperate file
from config import log

myfile = join("bbs", "logs", "enigma-bbs.log")
TARGET = open(myfile, 'r')
TARGET.seek(0,2)

WM = WatchManager()
dirmask = IN_MODIFY | IN_DELETE | IN_MOVE_SELF | IN_CREATE

def blocker(ip):
    # Utility function to block given ip as string
    call = run(["iptables", "-I", "DOCKER-USER", "-i", "eth0", "-s", ip, "-j", "DROP"], stdout=PIPE, check=True)
    # print("iptables -I DOCKER-USER -i eth0 -s {0} -j DROP".format(ip))

def is_bad(line):
    # Given line, attempt to parse... then is there a issue with it
    # Returns a python dict with ip and time in log
    try:
        j = loads(line)
        if j["msg"] == "Attempt to login with banned username":
            r = {}
            r["ip"] = "{0}".format(j["ip"][7:])
            r["time"] = j["time"]
            return r
    except JSONDecodeError:
        log.error("Failed to decode line, '{0}'".format(line))

class EventHandler(ProcessEvent):
    def process_IN_MODIFY(self, event):
        if myfile not in join(event.path, event.name):
            return
        else:
            luser = is_bad(TARGET.readline().rstrip())
            if(luser):
                blocker(luser["ip"])
                now = pendulum.now().to_datetime_string()
                log.info("Blocked {0} at {1}".format(luser["ip"], now))

    def process_IN_MOVE_SELF(self, event):
        log.debug("Log file moved... continuing read on stale log!")

    def process_IN_CREATE(self, event):
        if myfile in join(event.path, event.name):
            TARGET.close()
            TARGET = open(myfile, 'r')
            log.debug("Log file created... Catching up!")
            for line in TARGET.readlines():
                luser = is_bad(line.rstrip())
                if(luser):
                    blocker(luser["ip"])
                    now = pendulum.now().to_datetime_string()
                    log.info("Blocked {0} at {1}".format(luser["ip"], now))
            TARGET.seek(0,2)
        return

notifier = Notifier(WM, EventHandler())
index = myfile.rfind("/")
WM.add_watch(myfile[:index], dirmask)

while True:
    try:
        notifier.process_events()
        if notifier.check_events():
            notifier.read_events()
    except KeyboardInterrupt:
        break

notifier.stop()
TARGET.close()
sys.exit(0)

# Collecting banned users
# lusers = {}
# with open(TARGET, "r") as f:
#     for l in f:
#         user = is_bad(l)
#         if user:
#             lusers[user["ip"]] = user["time"]

# Itterate over all blocked users
# for u in lusers:
#     print("Blocking {0}".format(u))
#     blocker(u)
#     now = pendulum.now()
#     log.info("Blocked {0} at {1}".format(u, now.to_datetime_string()))