david
/
failUser


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111
							#!/usr/bin/env python3
from json import loads, dumps
from json.decoder import JSONDecodeError
import pendulum
from subprocess import run, PIPE
from os.path import exists, join
from pyinotify import WatchManager, Notifier, ProcessEvent
from pyinotify import IN_MODIFY, IN_DELETE, IN_MOVE_SELF, IN_CREATE
import sys

# https://github.com/manos/python-inotify-tail_example/blob/master/tail-F_inotify.py

# Branch off the logging into a seperate file
from config import log, load_config, save_config, add_block, rm_block, check_blocks

myConfig = load_config()

myfile = myConfig["target"]
TARGET = open(myfile, 'r')
TARGET.seek(0,2)

WM = WatchManager()
dirmask = IN_MODIFY | IN_DELETE | IN_MOVE_SELF | IN_CREATE

def blocker(ip):
    # Utility function to block given ip as string
    #run(["iptables", "-I", "DOCKER-USER", "-i", "eth0", "-s", ip, "-j", "DROP"], stdout=PIPE, check=True)
    print("iptables -I DOCKER-USER -i eth0 -s {0} -j DROP".format(ip))

def unblocker(ip):
    # Utility function to unblock given ip as string
    #run(["iptables", "-D", "DOCKER-USER", "-i", "eth0", "-s", ip, "-j", "DROP"], stdout=PIPE, check=True)
    print("iptables -D DOCKER-USER -i eth0 -s {0} -j DROP".format(ip))

def is_bad(line):
    # Given line, attempt to parse... then is there a issue with it
    # Returns a python dict with ip and time in log
    if line: # Do we actually have something?
        try:
            j = loads(line)
            if j["msg"] == "Attempt to login with banned username":
                r = {}
                r["ip"] = "{0}".format(j["ip"][7:])
                r["time"] = j["time"]
                return r
        except JSONDecodeError:
            log.error("Failed to decode line, '{0}'".format(line))

def checkup():
    # Check all our blocks
    unblocks = check_blocks()
    if unblocks:
        for ip in unblocks:
            log.info("Unblock {0}".format(ip))
            unblocker(ip)
            rm_block(ip)

class EventHandler(ProcessEvent):
    def process_IN_MODIFY(self, event):
        if myfile not in join(event.path, event.name):
            return
        else:
            luser = is_bad(TARGET.readline().rstrip())
            if(luser):
                blocker(luser["ip"])
                now = pendulum.now().to_atom_string()
                log.info("Blocked {0} at {1}".format(luser["ip"], now))
                add_block(luser["ip"], now)


    def process_IN_MOVE_SELF(self, event):
        log.debug("Log file moved... continuing read on stale log!")

    def process_IN_CREATE(self, event):
        global TARGET
        if myfile in join(event.path, event.name):
            TARGET.close()
            TARGET = open(myfile, 'r')
            log.debug("Log file created... Catching up!")
            for line in TARGET.readlines():
                luser = is_bad(line.rstrip())
                if(luser):
                    blocker(luser["ip"])
                    now = pendulum.now().to_atom_string()
                    log.info("Blocked {0} at {1}".format(luser["ip"], now))
                    add_block(luser["ip"], now)
            TARGET.seek(0,2)
        return

notifier = Notifier(WM, EventHandler())
index = myfile.rfind("/")
WM.add_watch(myfile[:index], dirmask)

while True:
    try:
        now = pendulum.now()
        last = pendulum.parse(myConfig["last_unblock"])
        if now.diff(last).in_hours() > 1:
            myConfig["last_unblock"] = now.to_atom_string()
            save_config(myConfig)
            checkup()
        notifier.process_events()
        if notifier.check_events():
            notifier.read_events()
            # Also check any of our blocks too
    except KeyboardInterrupt:
        break

notifier.stop()
TARGET.close()
sys.exit(0)