Commit 221f350d authored by Alexander Withers

more fail2ban tests for ctsc demo

parent ae72f44d
Experimental fail2ban work for ssh intel.
enabled = true
port = ssh
logpath = /tmp/ssh.txt
banaction = ufw
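Review bot: `logpath = /tmp/ssh.txt` points the jail at a predictable name in a world-writable directory, and the Python change in this commit opens the same path with `open("/tmp/ssh.txt","a+")`. Another local account can create that name before the collector does, so lines the collector never wrote could end up driving `banaction = ufw`. The file also stores the submitted passwords, and under a default umask it would be readable by other users. I would move the log to a directory owned by the collector's account, e.g. `logpath = /var/log/ssh-intel/ssh.txt` (placeholder path), created with mode 0640, and use the same path in the script.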
# Fail2Ban filter for
failregex = \S+: request with password <HOST> -> \S+ \S+ using \S+\s*$
ignoreregex =
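Review bot: The `failregex` has no `^` anchor at the start, while the tokens after `->` are filled from values the remote client chooses (user name, password and client version, per the script's format string). fail2ban's filter guidance is to anchor expressions at the start of the line so that client-supplied text cannot be matched as the `<HOST>` part. I would write `failregex = ^\s*\S+: request with password <HOST> -> \S+ \S+ using \S+\s*$`, assuming the prefix the script writes is a single token, which is not visible here. The header comment `# Fail2Ban filter for` is also unfinished and should name the log format it matches.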
......@@ -5,10 +5,12 @@ import zmq
import time
import json
import signal
from datetime import datetime
file = open("ssh.txt","w+")
file = open("/tmp/ssh.txt","a+")
def handle_intr(signal, frame):
print('Ctrl+C caught, exiting...')
......@@ -44,7 +46,9 @@ def show_ssh(topic, who, messagedata):
if 'password' in rec['additional_data']:
out += " {duser}:{password} using {client_version}".format(**rec['additional_data'])
print(prefix, out)
file.write(prefix+" "+out+"\n")
# this is confusing: time that event was logged, not when it occured
logtime ='%Y-%m-%d %H:%M:%S')
file.write(logtime+" "+prefix+" "+out+"\n")
def main():
topics = sys.argv[1:]
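Review bot: In the second hunk, `file.write(logtime+" "+prefix+" "+out+"\n")` writes `duser`, `password` and `client_version` from `rec['additional_data']` unescaped into the file that fail2ban parses, so a value containing a line break or spaces changes how the record is split. Escape the fields before the write, e.g. `out = out.replace("\r", "\\r").replace("\n", "\\n")`, and call `file.flush()` after it so the jail sees each event when it is logged rather than when the buffer fills. `show_ssh` starts outside the hunk, so how `prefix` is built is not visible, and the `logtime` assignment as rendered on this page is incomplete.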