
loganalyze-ip-ban-file's Introduction

Log Analyzer and Ip Extraction

Premise

Each server maintains a list of attempted and successful logins. Hackers continually attempt to gain access to systems by using common login names like "root" and others. This is valuable data that should be shared between all servers on your network, and even collected in a publicly crowdsourced list eventually.

Description

For now, this script opens a log file and searches for possible intrusion attempts, mainly triggered by the phrase "Failed password for". The IP address of the attempted attack is then extracted and written to a file called auto-ban.data. This allows you to collect IP addresses of potential hackers without manually searching your log files.

Roadmap

Eventually, utilizing fail2ban, this script will analyze the auth.log file for attempts to log in as root and parse out the IP address of the attacker.

This script will then extract the IP address, append it to the fail2ban ban file, and ban it forever.

It is meant to also be utilized along with SaltStack to keep all of your servers up to date, notify each other of the attempted attacks, and ban the offending IP address.

Requirements

Configuration

  1. Included is a default.loganalyze.cfg file.
  2. Copy this file and rename it to loganalyze.cfg.
  3. Open it in a text editor and modify the path and file locations for your system.
  4. The loganalyze.cfg file is written in YAML, so be mindful of the indentation.

Usage

After updating your system-specific configuration, you can run the file manually by issuing python loganalyze.py from the command prompt, or set it to run as a cron job at whatever interval you like. It is a good idea to schedule it to run before your log rotations take place, so that it collects enough relevant data before the log is rotated away.

To Do

  1. Use a list of phrases instead of just the single phrase "Failed password for". Hackers attempt to log in as "root", but also try other user names that might not exist on your server. Log files often indicate this with "Invalid user" followed by the user name.

  2. Integrate this collection and analysis with Salt so that each minion can collect data and share it with the master. The master can then maintain the permanent ban file and distribute it to all minions. Sharing this information between all systems creates a proactive security approach.
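The following is an added example, not the project's own loganalyze.py, showing what the Description and the first To Do item describe: scan auth.log lines for a list of trigger phrases (both "Failed password for" and "Invalid user"), pull out and validate the source IPv4 address, and append only new addresses to auto-ban.data. The sample log lines, the regex and the function names are assumptions made for this example.

```python
import ipaddress
import re

# Trigger phrases for a failed or suspicious login (extends the single
# "Failed password for" phrase with "Invalid user", as the To Do proposes).
TRIGGER_PHRASES = ("Failed password for", "Invalid user")

# sshd writes the remote address after "from"; IPv4 only, like the script.
IP_PATTERN = re.compile(r"\bfrom\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample auth.log lines (not real log data). The last line has a
# malformed address to show that syntactic matches are still validated.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:02 host sshd[1234]: Failed password for root from 203.0.113.10 port 51234 ssh2
Mar  3 10:15:04 host sshd[1234]: Failed password for invalid user admin from 203.0.113.10 port 51236 ssh2
Mar  3 10:16:11 host sshd[1240]: Invalid user oracle from 198.51.100.7 port 40222
Mar  3 10:17:30 host sshd[1250]: Accepted publickey for deploy from 192.0.2.5 port 50000 ssh2
Mar  3 10:18:00 host sshd[1260]: Failed password for root from 999.1.1.1 port 1 ssh2
"""


def extract_offenders(log_text, phrases=TRIGGER_PHRASES):
    """Return unique, valid IPv4 addresses from lines matching any trigger phrase."""
    seen = []
    for line in log_text.splitlines():
        if not any(phrase in line for phrase in phrases):
            continue
        match = IP_PATTERN.search(line)
        if not match:
            continue
        candidate = match.group(1)
        try:
            ipaddress.IPv4Address(candidate)  # rejects octets such as 999
        except ValueError:
            continue
        if candidate not in seen:
            seen.append(candidate)
    return seen


def write_ban_file(addresses, path="auto-ban.data"):
    """Append addresses not already in the ban file; return how many were added."""
    try:
        with open(path) as fh:
            existing = {line.strip() for line in fh if line.strip()}
    except FileNotFoundError:
        existing = set()
    new = [a for a in addresses if a not in existing]
    with open(path, "a") as fh:
        fh.writelines(a + "\n" for a in new)
    return len(new)


if __name__ == "__main__":
    print(write_ban_file(extract_offenders(SAMPLE_AUTH_LOG)), "new address(es) written")
```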

Contributors

benhosmer