import difflib
import html
import os
import smtplib
import ssl
import time
from email import encoders
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import COMMASPACE, formatdate

import aux
import getDates as gd
import getIPdata
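###########
# PARSING
###########
# Collect the sshd events logged during the hour before the current one, plus
# the differences between the live sshd_config and the trusted copy.

if time.strftime("%H") == '00':
    # Special case: the hour cannot be decremented, so report on 23h of
    # yesterday and let getDates work out yesterday's date.
    h = "23"
    d, m, y = gd.getYesterday()
else:
    # Normal case: subtract one from the hour; the date is today's.
    # For testing, drop the "- 1" to report on the current hour instead.
    h = str(int(time.strftime("%H")) - 1).zfill(2)
    d = int(time.strftime("%d"))
    m = time.strftime("%b")
    y = int(time.strftime("%Y"))

# Timestamp prefixes that select the reported hour. Traditional syslog
# timestamps pad a one-digit day with a space ("Jan  5 10:"), so both the
# padded and the unpadded form are accepted. The two operands of the original
# `or` are identical as shown here; the second one presumably carried the
# two-space form.
day = str(d)
stamps = (
    m + " " + day + " " + h + ":",
    m + " " + day.rjust(2) + " " + h + ":",
)

failed_lines = []
restart_lines = []
# errors="replace": an undecodable byte in the log must not abort the run and
# silence the alert. The `with` closes the log, which the original left open.
with open(aux.auth_log, 'r', errors="replace") as f:
    for line in f:
        if not any(stamp in line for stamp in stamps):
            continue
        # NOTE(review): these are substring tests on the whole line, so they
        # can also match remotely supplied text (e.g. a user name) that sshd
        # wrote into the log; confirm against the log format in use.
        if "Failed password" in line:
            failed_lines.append(line + "\n")
        if "terminating" in line or "Server listening" in line:
            restart_lines.append(line + "\n")
text = "".join(failed_lines)
text2 = "".join(restart_lines)

# IP info for every address mentioned in the selected lines (raw log text).
ip_info = getIPdata.getIPdata(text + text2)

# Differences between the system configuration file and the trusted copy.
# The result is only as reliable as the trusted copy itself.
with open(aux.system_sshd_config) as system_cfg, \
        open(aux.trusted_sshd_config) as trusted_cfg:
    diff = list(difflib.unified_diff(system_cfg.readlines(),
                                     trusted_cfg.readlines(), n=0))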
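###########
# SENDING
###########
# Open the authenticated SMTP session and prepare the pieces shared by both
# alert mails (subject suffix, HTML header and footer).

if text == "" and text2 == "" and len(diff) == 0:
    exit()  # Nothing happened in the reported hour

end1 = "Sent using SSH-Alert:"
end2 = "https://github.com/manurs/SSH-Alert"

server = smtplib.SMTP(aux.smtp)
server.ehlo()
# Without a context, starttls() does not validate the server certificate, and
# the account password is sent right after. The default context verifies the
# certificate chain and host name; a relay with a private CA needs a context
# that trusts that CA.
server.starttls(context=ssl.create_default_context())
server.login(aux.fromaddr, aux.pas)

# NOTE(review): in the 00h case `d` is yesterday's day while month and year
# below are today's, so the subject date is off on the first day of a month.
subj = h + "h - " + str(d) + time.strftime("/%m/%Y")

# Log lines carry remotely supplied text (for instance the user name of a
# failed login), so they are HTML-escaped before being placed in the HTML
# body. ip_info is left as returned: getIPdata's output format is not visible
# here, so whether it needs escaping has to be checked in that module.
text = html.escape(text).replace("\n", "<br>")
text2 = html.escape(text2).replace("\n", "<br>")

start = subj+"<br>============================<br><br></b></big>"
start2 = subj+"<br>=========================<br><br></b></big>"
end = "<b><big>================================<br>"+end1+"<br>"+end2+"<br>================================<b></big>"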
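###################
# FAILED PASSWORD
###################
# Mail listing the failed password attempts of the reported hour.
if text != "":
    text = "<b><u><big>SSHD Events</b></u></bigbig><br><br>" + text
    body = ("<b><big>============================<br>Failed password - "
            + start + text + ip_info + end)
    # Built with MIMEText and an explicit utf-8 charset instead of a
    # hand-joined header block: sendmail() encodes a str message as ASCII, so
    # a single non-ASCII character taken from the log would raise and the
    # alert would never be sent.
    msg = MIMEText(body, 'html', 'utf-8')
    msg['From'] = aux.fromaddr
    msg['To'] = aux.toaddrs
    msg['Date'] = formatdate(localtime=True)
    msg['Subject'] = "SSH-Alert: Failed password " + subj
    server.sendmail(aux.fromaddr, aux.toaddrs, msg.as_string())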
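#######################
# RESET & CONFIG FILE
#######################
# Mail about sshd restarts and/or differences between the system and the
# trusted sshd_config, with the relevant files attached.


def _attachment(filename, payload):
    """Return a base64-encoded octet-stream MIME part named *filename*."""
    part = MIMEBase('application', "octet-stream")
    part.set_payload(payload)
    encoders.encode_base64(part)
    part.add_header('Content-Disposition',
                    'attachment; filename="' + filename + '"')
    return part


def _read_bytes(path):
    """Return the raw content of *path*, closing the file afterwards."""
    with open(path, "rb") as handle:
        return handle.read()


if text2 == "" and len(diff) == 0:
    # Neither a restart message nor differences: nothing more to send.
    server.quit()
    exit()

text_diff = ""
if text2 == "":
    text_diff = "Nothing about reset on your auth_log file but changes between system and trusted sshd_config.<br>A) somebody made changes to the sshd_config file but edited the log to hide the server restart<br>B) restart pending<br>Take a look at the differences file.<br><br>"
elif len(diff) == 0:
    text_diff = "Reset without changes in the sshd_config.<br>(This only means system and trusted sshd_config have no diferences).<br><br>"
else:
    text_diff = "Reset with changes in the sshd_config.<br>Take a look at the differences file.<br><br>"

text2 = "<b><u><big>SSHD Events</b></u></bigbig><br><br>" + text2
text_diff = "<b><u><big>Attention!!</b></u></bigbig><br><br>" + text_diff

msg = MIMEMultipart()
msg['From'] = aux.fromaddr
msg['To'] = aux.toaddrs
msg['Date'] = formatdate(localtime=True)
msg['Subject'] = "SSH-Alert: Reset server " + subj
msg.attach(MIMEText("<b><big>=========================<br>Reset server - " + start2 + text2 + text_diff + end, 'HTML'))

# The running configuration is always attached.
msg.attach(_attachment("system_sshd_config.txt",
                       _read_bytes(aux.system_sshd_config)))

if len(diff) != 0:
    # The trusted copy and the diff are attached only when they differ.
    msg.attach(_attachment("trusted_sshd_config.txt",
                           _read_bytes(aux.trusted_sshd_config)))
    # The diff lines already end in a newline, so they are joined with ""
    # (joining with "\n" double-spaced the attachment). Encoded to bytes so
    # that non-ASCII characters in the config survive base64 encoding.
    msg.attach(_attachment("diff_sshd_config.txt",
                           ''.join(diff).encode("utf-8")))

server.sendmail(aux.fromaddr, aux.toaddrs, msg.as_string())
server.quit()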