Commit 221f350d authored by Alexander Withers's avatar Alexander Withers

more fail2ban tests for ctsc demo

parent ae72f44d
Experimental fail2ban work for ssh intel.
[sshsub]
enabled = true
port = ssh
logpath = /tmp/ssh.txt
banaction = ufw
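Review bot: `logpath = /tmp/ssh.txt` makes the `ufw` bans depend on a file in a world-writable directory, where another local account may be able to create the file (or a link with that name) before the logging script opens it. Whoever can write that file decides which addresses this jail bans. A directory owned by the account that runs the script removes that dependency, e.g. `logpath = <dedicated-log-dir>/ssh.txt` (placeholder path), with the `open()` call in the Python file changed to the same path. The jail also sets no `maxretry`, `findtime` or `bantime`, so it presumably inherits the defaults; stating them here would make the demo's ban behaviour explicit.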
# Fail2Ban filter for subssh.py
[Definition]
failregex = \S+: request with password <HOST> -> \S+ \S+ using \S+\s*$
ignoreregex =
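Review bot: The `failregex` has no leading `^`, while every field after `<HOST>` in the logged line (user, password, client version) is supplied by the remote client. An unanchored pattern can match text that sits inside one of those fields, which would put an address other than the real source into `<HOST>`. Anchoring the start closes that gap: `failregex = ^\s*\S+: request with password <HOST> -> \S+ \S+ using \S+\s*$`. The exact shape of `prefix` is not visible in this commit, so the anchored pattern should be checked against a sample of real log lines with `fail2ban-regex` before use.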
......@@ -5,10 +5,12 @@ import zmq
import time
import json
import signal
from datetime import datetime
host='localhost'
file = open("ssh.txt","w+")
file = open("/tmp/ssh.txt","a+")
def handle_intr(signal, frame):
print('Ctrl+C caught, exiting...')
......@@ -44,7 +46,9 @@ def show_ssh(topic, who, messagedata):
if 'password' in rec['additional_data']:
out += " {duser}:{password} using {client_version}".format(**rec['additional_data'])
print(prefix, out)
file.write(prefix+" "+out+"\n")
# this is confusing: time that event was logged, not when it occured
logtime = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
file.write(logtime+" "+prefix+" "+out+"\n")
def main():
topics = sys.argv[1:]
......
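Review bot: The new `file.write(logtime+" "+prefix+" "+out+"\n")` writes `duser`, `password` and `client_version` into the fail2ban log unmodified, and those values originate from the remote SSH client. A newline or other control character in any of them would begin a fresh log line that the sshsub filter treats as a separate event, so the text should be escaped before the write, e.g. `out = out.encode('unicode_escape').decode('ascii')`. The file is also opened once at import time with default buffering and is not flushed in the visible lines, so fail2ban may see entries late; `file.flush()` after the write would address that. `show_ssh` starts above this hunk and `main()` continues below it, so handling elsewhere in those functions is not visible here.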