Python!

Discussion in 'School Work Help' started by hongkongboy, Mar 23, 2010.

  1. hongkongboy

    Produce a working program, with verbose commentary, based on the following requirements:

    Detailed Requirements:
    You have been put in charge of administering a Linux system. Create a Python program that will parse the syslog file on Blackboard and perform the following:
    1. Find how many times an attempt was made to login with the root account.
    2. If certain IP addresses have more than 10 failed attempts, create a blacklist file (blacklistips.txt) and save the IP addresses within it.
    3. Identify how many attacks were logged per day.
    4. Identify how many attacks were logged, per day, per IP.


    syslog file

    Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2
    Jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:32:19 j4-be03 sshd[3879]: Failed password for root from 218.241.173.35 port 47901 ssh2
    Jan 10 09:32:26 j4-be03 sshd[3881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:32:29 j4-be03 sshd[3881]: Failed password for root from 218.241.173.35 port 48652 ssh2
    Jan 10 09:32:36 j4-be03 sshd[3883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:32:39 j4-be03 sshd[3883]: Failed password for root from 218.241.173.35 port 49439 ssh2
    Jan 10 09:32:46 j4-be03 sshd[3885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:32:48 j4-be03 sshd[3885]: Failed password for root from 218.241.173.35 port 50212 ssh2
    Jan 10 09:32:55 j4-be03 sshd[3887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:32:58 j4-be03 sshd[3887]: Failed password for root from 218.241.173.35 port 50946 ssh2
    Jan 10 09:33:05 j4-be03 sshd[3889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:33:07 j4-be03 sshd[3889]: Failed password for root from 218.241.173.35 port 51688 ssh2
    Jan 10 09:33:14 j4-be03 sshd[3891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:33:16 j4-be03 sshd[3891]: Failed password for root from 218.241.173.35 port 52409 ssh2
    Jan 10 09:33:24 j4-be03 sshd[3893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:33:26 j4-be03 sshd[3893]: Failed password for root from 218.241.173.35 port 53149 ssh2
    Jan 10 09:33:33 j4-be03 sshd[3895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:33:35 j4-be03 sshd[3895]: Failed password for root from 218.241.173.35 port 53888 ssh2
    Jan 10 09:33:43 j4-be03 sshd[3897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:33:45 j4-be03 sshd[3897]: Failed password for root from 218.241.173.35 port 54590 ssh2
    Jan 10 09:33:53 j4-be03 sshd[3899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:33:54 j4-be03 sshd[3899]: Failed password for root from 218.241.173.35 port 55269 ssh2
    Jan 10 09:34:02 j4-be03 sshd[3901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:34:04 j4-be03 sshd[3901]: Failed password for root from 218.241.173.35 port 55946 ssh2
    Jan 10 09:34:11 j4-be03 sshd[3903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:34:13 j4-be03 sshd[3903]: Failed password for root from 218.241.173.35 port 56630 ssh2
    Jan 10 09:34:21 j4-be03 sshd[3905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 09:34:23 j4-be03 sshd[3905]: Failed password for root from 218.241.173.35 port 57295 ssh2
    Jan 10 09:34:31 j4-be03 sshd[3907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
    Jan 10 01:55:04 j4-be03 sshd[2342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:07 j4-be03 sshd[2342]: Failed password for root from 213.251.192.26 port 33366 ssh2
    Jan 10 01:55:07 j4-be03 sshd[2350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:09 j4-be03 sshd[2350]: Failed password for root from 213.251.192.26 port 34041 ssh2
    Jan 10 01:55:10 j4-be03 sshd[2355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:12 j4-be03 sshd[2355]: Failed password for root from 213.251.192.26 port 34450 ssh2
    Jan 10 01:55:12 j4-be03 sshd[2360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:14 j4-be03 sshd[2360]: Failed password for root from 213.251.192.26 port 34931 ssh2
    Jan 10 01:55:15 j4-be03 sshd[2430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:18 j4-be03 sshd[2430]: Failed password for root from 213.251.192.26 port 35364 ssh2
    Jan 10 01:55:18 j4-be03 sshd[2436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:20 j4-be03 sshd[2436]: Failed password for root from 213.251.192.26 port 35940 ssh2
    Jan 10 01:55:21 j4-be03 sshd[2441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:22 j4-be03 sshd[2441]: Failed password for root from 213.251.192.26 port 36334 ssh2
    Jan 10 01:55:23 j4-be03 sshd[2446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:24 j4-be03 sshd[2446]: Failed password for root from 213.251.192.26 port 36767 ssh2
    Jan 10 01:55:25 j4-be03 sshd[2451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:27 j4-be03 sshd[2451]: Failed password for root from 213.251.192.26 port 37083 ssh2
    Jan 10 01:55:28 j4-be03 sshd[2457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:30 j4-be03 sshd[2457]: Failed password for root from 213.251.192.26 port 37520 ssh2
    Jan 10 01:55:31 j4-be03 sshd[2463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:33 j4-be03 sshd[2463]: Failed password for root from 213.251.192.26 port 38137 ssh2
    Jan 10 01:55:34 j4-be03 sshd[2469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:36 j4-be03 sshd[2469]: Failed password for root from 213.251.192.26 port 38620 ssh2
    Jan 10 01:55:37 j4-be03 sshd[2474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=phone.nline.ru user=root
    Jan 10 01:55:38 j4-be03 sshd[2474]: Failed password for root from 213.251.192.26 port 39198 ssh2
    Feb 7 17:18:42 j4-be03 sshd[10719]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:18:42 j4-be03 sshd[10719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:18:45 j4-be03 sshd[10719]: Failed password for root from 89.249.209.92 port 43374 ssh2
    Feb 7 17:18:47 j4-be03 sshd[10722]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:18:47 j4-be03 sshd[10722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:18:49 j4-be03 sshd[10722]: Failed password for root from 89.249.209.92 port 43788 ssh2
    Feb 7 17:18:51 j4-be03 sshd[10724]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:18:51 j4-be03 sshd[10724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:18:53 j4-be03 sshd[10724]: Failed password for root from 89.249.209.92 port 44130 ssh2
    Feb 7 17:18:55 j4-be03 sshd[10726]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:18:55 j4-be03 sshd[10726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:18:57 j4-be03 sshd[10726]: Failed password for root from 89.249.209.92 port 44505 ssh2
    Feb 7 17:18:59 j4-be03 sshd[10728]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:18:59 j4-be03 sshd[10728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:19:01 j4-be03 sshd[10728]: Failed password for root from 89.249.209.92 port 44844 ssh2
    Feb 7 17:19:03 j4-be03 sshd[10730]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:03 j4-be03 sshd[10730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:19:05 j4-be03 sshd[10730]: Failed password for root from 89.249.209.92 port 45148 ssh2
    Feb 7 17:19:07 j4-be03 sshd[10732]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:07 j4-be03 sshd[10732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:19:09 j4-be03 sshd[10732]: Failed password for root from 89.249.209.92 port 45514 ssh2
    Feb 7 17:19:11 j4-be03 sshd[10734]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:11 j4-be03 sshd[10734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:19:13 j4-be03 sshd[10734]: Failed password for root from 89.249.209.92 port 45839 ssh2
    Feb 7 17:19:14 j4-be03 sshd[10736]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:14 j4-be03 sshd[10736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:19:16 j4-be03 sshd[10736]: Failed password for root from 89.249.209.92 port 46139 ssh2
    Feb 7 17:19:18 j4-be03 sshd[10738]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:18 j4-be03 sshd[10738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:19:20 j4-be03 sshd[10738]: Failed password for root from 89.249.209.92 port 46424 ssh2
    Feb 7 17:19:22 j4-be03 sshd[10740]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:22 j4-be03 sshd[10740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:19:24 j4-be03 sshd[10740]: Failed password for root from 89.249.209.92 port 46752 ssh2
    Feb 7 17:19:26 j4-be03 sshd[10742]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:26 j4-be03 sshd[10742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:19:27 j4-be03 sshd[10742]: Failed password for root from 89.249.209.92 port 47019 ssh2
    Feb 7 17:19:29 j4-be03 sshd[10744]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:29 j4-be03 sshd[10744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92 user=root
    Feb 7 17:19:32 j4-be03 sshd[10744]: Failed password for root from 89.249.209.92 port 47273 ssh2
    Feb 7 17:19:34 j4-be03 sshd[10746]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:34 j4-be03 sshd[10746]: Invalid user oracle from 89.249.209.92
    Feb 7 17:19:34 j4-be03 sshd[10746]: pam_unix(sshd:auth): check pass; user unknown
    Feb 7 17:19:34 j4-be03 sshd[10746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92
    Feb 7 17:19:35 j4-be03 sshd[10746]: Failed password for invalid user oracle from 89.249.209.92 port 47640 ssh2
    Feb 7 17:19:37 j4-be03 sshd[10748]: reverse mapping checking getaddrinfo for host-ip92-209-249-89.wise.net.lb [89.249.209.92] failed - POSSIBLE BREAK-IN ATTEMPT!
    Feb 7 17:19:37 j4-be03 sshd[10748]: Invalid user test from 89.249.209.92
    Feb 7 17:19:37 j4-be03 sshd[10748]: pam_unix(sshd:auth): check pass; user unknown
    Feb 7 17:19:37 j4-be03 sshd[10748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.249.209.92
    Feb 7 17:19:38 j4-be03 sshd[10748]: Failed password for invalid user test from 89.249.209.92 port 53973 ssh2
    Feb 8 05:04:18 j4-be03 sshd[21221]: Invalid user staff from 66.30.90.148
    Feb 8 05:04:18 j4-be03 sshd[21221]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:18 j4-be03 sshd[21221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:21 j4-be03 sshd[21221]: Failed password for invalid user staff from 66.30.90.148 port 46280 ssh2
    Feb 8 05:04:22 j4-be03 sshd[21224]: Invalid user sales from 66.30.90.148
    Feb 8 05:04:22 j4-be03 sshd[21224]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:22 j4-be03 sshd[21224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:24 j4-be03 sshd[21224]: Failed password for invalid user sales from 66.30.90.148 port 46587 ssh2
    Feb 8 05:04:25 j4-be03 sshd[21226]: Invalid user recruit from 66.30.90.148
    Feb 8 05:04:25 j4-be03 sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:25 j4-be03 sshd[21226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:27 j4-be03 sshd[21226]: Failed password for invalid user recruit from 66.30.90.148 port 46808 ssh2
    Feb 8 05:04:28 j4-be03 sshd[21228]: Invalid user alias from 66.30.90.148
    Feb 8 05:04:28 j4-be03 sshd[21228]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:28 j4-be03 sshd[21228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:30 j4-be03 sshd[21228]: Failed password for invalid user alias from 66.30.90.148 port 47036 ssh2
    Feb 8 05:04:31 j4-be03 sshd[21230]: Invalid user office from 66.30.90.148
    Feb 8 05:04:31 j4-be03 sshd[21230]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:31 j4-be03 sshd[21230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:33 j4-be03 sshd[21230]: Failed password for invalid user office from 66.30.90.148 port 47250 ssh2
    Feb 8 05:04:34 j4-be03 sshd[21232]: Invalid user samba from 66.30.90.148
    Feb 8 05:04:34 j4-be03 sshd[21232]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:34 j4-be03 sshd[21232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:36 j4-be03 sshd[21232]: Failed password for invalid user samba from 66.30.90.148 port 47451 ssh2
    Feb 8 05:04:37 j4-be03 sshd[21234]: Invalid user tomcat from 66.30.90.148
    Feb 8 05:04:37 j4-be03 sshd[21234]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:37 j4-be03 sshd[21234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:40 j4-be03 sshd[21234]: Failed password for invalid user tomcat from 66.30.90.148 port 47679 ssh2
    Feb 8 05:04:41 j4-be03 sshd[21236]: Invalid user webadmin from 66.30.90.148
    Feb 8 05:04:41 j4-be03 sshd[21236]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:41 j4-be03 sshd[21236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:43 j4-be03 sshd[21236]: Failed password for invalid user webadmin from 66.30.90.148 port 47914 ssh2
    Feb 8 05:04:44 j4-be03 sshd[21238]: Invalid user spam from 66.30.90.148
    Feb 8 05:04:44 j4-be03 sshd[21238]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:44 j4-be03 sshd[21238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:46 j4-be03 sshd[21238]: Failed password for invalid user spam from 66.30.90.148 port 48173 ssh2
    Feb 8 05:04:47 j4-be03 sshd[21240]: Invalid user virus from 66.30.90.148
    Feb 8 05:04:47 j4-be03 sshd[21240]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:47 j4-be03 sshd[21240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:49 j4-be03 sshd[21240]: Failed password for invalid user virus from 66.30.90.148 port 48752 ssh2
    Feb 8 05:04:50 j4-be03 sshd[21242]: Invalid user cyrus from 66.30.90.148
    Feb 8 05:04:50 j4-be03 sshd[21242]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:50 j4-be03 sshd[21242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:52 j4-be03 sshd[21242]: Failed password for invalid user cyrus from 66.30.90.148 port 49327 ssh2
    Feb 8 05:04:53 j4-be03 sshd[21244]: Invalid user oracle from 66.30.90.148
    Feb 8 05:04:53 j4-be03 sshd[21244]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:53 j4-be03 sshd[21244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:55 j4-be03 sshd[21244]: Failed password for invalid user oracle from 66.30.90.148 port 49536 ssh2
    Feb 8 05:04:56 j4-be03 sshd[21246]: Invalid user michael from 66.30.90.148
    Feb 8 05:04:56 j4-be03 sshd[21246]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:56 j4-be03 sshd[21246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:04:58 j4-be03 sshd[21246]: Failed password for invalid user michael from 66.30.90.148 port 50167 ssh2
    Feb 8 05:04:59 j4-be03 sshd[21248]: Invalid user ftp from 66.30.90.148
    Feb 8 05:04:59 j4-be03 sshd[21248]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 05:04:59 j4-be03 sshd[21248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.30.90.148
    Feb 8 05:05:01 j4-be03 sshd[21248]: Failed password for invalid user ftp from 66.30.90.148 port 50734 ssh2
    Feb 8 06:15:18 j4-be03 sshd[21221]: Invalid user staff from 72.153.93.203
    Feb 8 06:15:18 j4-be03 sshd[21221]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:18 j4-be03 sshd[21221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:21 j4-be03 sshd[21221]: Failed password for invalid user staff from 72.153.93.203 port 46280 ssh2
    Feb 8 06:15:22 j4-be03 sshd[21224]: Invalid user sales from 72.153.93.203
    Feb 8 06:15:22 j4-be03 sshd[21224]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:22 j4-be03 sshd[21224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:24 j4-be03 sshd[21224]: Failed password for invalid user sales from 72.153.93.203 port 46587 ssh2
    Feb 8 06:15:25 j4-be03 sshd[21226]: Invalid user recruit from 72.153.93.203
    Feb 8 06:15:25 j4-be03 sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:25 j4-be03 sshd[21226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:27 j4-be03 sshd[21226]: Failed password for invalid user recruit from 72.153.93.203 port 46808 ssh2
    Feb 8 06:15:28 j4-be03 sshd[21228]: Invalid user alias from 72.153.93.203
    Feb 8 06:15:28 j4-be03 sshd[21228]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:28 j4-be03 sshd[21228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:30 j4-be03 sshd[21228]: Failed password for invalid user alias from 72.153.93.203 port 47036 ssh2
    Feb 8 06:15:31 j4-be03 sshd[21230]: Invalid user office from 72.153.93.203
    Feb 8 06:15:31 j4-be03 sshd[21230]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:31 j4-be03 sshd[21230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:33 j4-be03 sshd[21230]: Failed password for invalid user office from 72.153.93.203 port 47250 ssh2
    Feb 8 06:15:34 j4-be03 sshd[21232]: Invalid user samba from 72.153.93.203
    Feb 8 06:15:34 j4-be03 sshd[21232]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:34 j4-be03 sshd[21232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:36 j4-be03 sshd[21232]: Failed password for invalid user samba from 72.153.93.203 port 47451 ssh2
    Feb 8 06:15:37 j4-be03 sshd[21234]: Invalid user tomcat from 72.153.93.203
    Feb 8 06:15:37 j4-be03 sshd[21234]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:37 j4-be03 sshd[21234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:40 j4-be03 sshd[21234]: Failed password for invalid user tomcat from 72.153.93.203 port 47679 ssh2
    Feb 8 06:15:41 j4-be03 sshd[21236]: Invalid user webadmin from 72.153.93.203
    Feb 8 06:15:41 j4-be03 sshd[21236]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:41 j4-be03 sshd[21236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:43 j4-be03 sshd[21236]: Failed password for invalid user webadmin from 72.153.93.203 port 47914 ssh2
    Feb 8 06:15:44 j4-be03 sshd[21238]: Invalid user spam from 72.153.93.203
    Feb 8 06:15:44 j4-be03 sshd[21238]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:44 j4-be03 sshd[21238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:46 j4-be03 sshd[21238]: Failed password for invalid user spam from 72.153.93.203 port 48173 ssh2
    Feb 8 06:15:47 j4-be03 sshd[21240]: Invalid user virus from 72.153.93.203
    Feb 8 06:15:47 j4-be03 sshd[21240]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:47 j4-be03 sshd[21240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:49 j4-be03 sshd[21240]: Failed password for invalid user virus from 72.153.93.203 port 48752 ssh2
    Feb 8 06:15:50 j4-be03 sshd[21242]: Invalid user cyrus from 72.153.93.203
    Feb 8 06:15:50 j4-be03 sshd[21242]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:50 j4-be03 sshd[21242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:52 j4-be03 sshd[21242]: Failed password for invalid user cyrus from 72.153.93.203 port 49327 ssh2
    Feb 8 06:15:53 j4-be03 sshd[21244]: Invalid user oracle from 72.153.93.203
    Feb 8 06:15:53 j4-be03 sshd[21244]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:53 j4-be03 sshd[21244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:55 j4-be03 sshd[21244]: Failed password for invalid user oracle from 72.153.93.203 port 49536 ssh2
    Feb 8 06:15:56 j4-be03 sshd[21246]: Invalid user michael from 72.153.93.203
    Feb 8 06:15:56 j4-be03 sshd[21246]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:56 j4-be03 sshd[21246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:15:58 j4-be03 sshd[21246]: Failed password for invalid user michael from 72.153.93.203 port 50167 ssh2
    Feb 8 06:15:59 j4-be03 sshd[21248]: Invalid user ftp from 72.153.93.203
    Feb 8 06:15:59 j4-be03 sshd[21248]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 06:15:59 j4-be03 sshd[21248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.153.93.203
    Feb 8 06:16:01 j4-be03 sshd[21248]: Failed password for invalid user ftp from 72.153.93.203 port 50734 ssh2
    Feb 8 07:20:47 j4-be03 sshd[21240]: Invalid user oracle from 92.152.92.123
    Feb 8 07:20:47 j4-be03 sshd[21240]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 07:20:47 j4-be03 sshd[21240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.152.92.123
    Feb 8 07:20:49 j4-be03 sshd[21240]: Failed password for invalid user oracle from 92.152.92.123 port 48752 ssh2
    Feb 8 07:20:50 j4-be03 sshd[21242]: Invalid user oracle from 92.152.92.123
    Feb 8 07:20:50 j4-be03 sshd[21242]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 07:20:50 j4-be03 sshd[21242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.152.92.123
    Feb 8 07:20:52 j4-be03 sshd[21242]: Failed password for invalid user oracle from 92.152.92.123 port 49327 ssh2
    Feb 8 07:20:53 j4-be03 sshd[21244]: Invalid user oracle from 92.152.92.123
    Feb 8 07:20:53 j4-be03 sshd[21244]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 07:20:53 j4-be03 sshd[21244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.152.92.123
    Feb 8 07:20:55 j4-be03 sshd[21244]: Failed password for invalid user oracle from 92.152.92.123 port 49536 ssh2
    Feb 8 07:20:56 j4-be03 sshd[21246]: Invalid user oracle from 92.152.92.123
    Feb 8 07:20:56 j4-be03 sshd[21246]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 07:20:56 j4-be03 sshd[21246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.152.92.123
    Feb 8 07:20:58 j4-be03 sshd[21246]: Failed password for invalid user oracle from 92.152.92.123 port 50167 ssh2
    Feb 8 07:20:59 j4-be03 sshd[21248]: Invalid user oracle from 92.152.92.123
    Feb 8 07:20:59 j4-be03 sshd[21248]: pam_unix(sshd:auth): check pass; user unknown
    Feb 8 07:20:59 j4-be03 sshd[21248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.152.92.123
    Feb 8 07:21:01 j4-be03 sshd[21248]: Failed password for invalid user oracle from 92.152.92.123 port 50734 ssh2



    i don't have a clue in python, anyone help
     
    #1 hongkongboy, Mar 23, 2010
    Last edited: Mar 23, 2010
  2. woooooo BlackBoard... are you referring to UofT's academic web application? or is this just an assignment?

    also, are you tasked with writing the parser yourself? or can you use any logparser to parse this syslog?

    it's been a while i haven't done python.. i miss it =)
     
  3. hongkongboy

    this is the actual assignment. i don't know what u mean by the parser log file tbh. btw i just edited the syslog, i posted the wrong one, updated the new one now
     
  4. ok so what parsing means, is to analyze a text and determine the contents of this text by understanding its structure.

    a parser is a component which interprets this text.

    so what a log parser is, is a component that goes through the log you specified, and finds you the information you need.

    now i was just asking, is your task to write this component?
     
  5. hongkongboy

    that is what i need to do! lol

    I was talking to my mate earlier and he done question one and give me this code which is similar to what i need to do but change a few things. The code is below:

    #!/usr/bin/env python3

    # open the syslog file
    myFile = open('syslog', 'r')

    # the NT counter
    counter_nt = 0

    print('Start of Debug messages')

    # go through each line of the file and return it to the variable line
    for line in myFile.readlines():
        # split each line based on the space
        list_of_line = line.split(' ')

        # print(list_of_line)

        # check if NT: exists at position 4 of list_of_line
        # (the length check skips short or blank lines instead of raising IndexError)
        if len(list_of_line) > 4 and 'NT:' in list_of_line[4]:
            print('NT')
            # since we found NT: we can count it now with counter_nt
            counter_nt = counter_nt + 1

    # close the file once every line has been read
    myFile.close()

    print('\nEnd of Debug messages\n\n')  # \n will print a new line

    print('Answers:\n')
    print('Number of NT events:', counter_nt)
    # or
    print('Number of NT events: ' + str(counter_nt))  # str() will convert any type into a string.


    Link to code -->http://codepaste.net/3d8jhk
     
  6. yea exactly. that part will get you the count of a string pattern in each line of the text, which answers your first question.

    the second part requires you to store IPs and keeping track of the counts for each IP. so what I would do, is create a Dictionary (Hashmap in Java), create an entry for each IP that appears. if the dict contains the key (IP), take the value of the entry, add one. if it doesn't contain that item in the dict, create the item, and add a count of 1.

    you could even create a dictionary for user accounts that were used to log in as well.

    once you have the dictionary(ies), you basically solve question number 3 and number 4. number 3 will require you to add up all of the values together. number 4 requires you to fetch the correct IP from the keys, and get the associated value.
     
  7. hongkongboy

    right the answer to question 1 is 41 root

    got it working now

    now question 2!!!!!! rawrrrrrrr
     
    #7 hongkongboy, Mar 23, 2010
    Last edited: Mar 24, 2010
  8. if i may, i'd suggest you make it so that instead of making one program for each question (which means 4 programs), make one program for all 4 questions.

    this means, create a dictionary which stores the answer of all 4 questions, and for each question, refer back to the dictionary and print the answer.
     
  9. hongkongboy

    i would love to but i dont a clue how do just put all bitch of code together?
     
  10. well, basically, you make a dictionary (also known as HashMap in Java), you parse the text like you did with the 'root' user, you store it into this dictionary, and you store other info in this dictionary, like IPs, counts, etc..

    in the end, all you need to do is call upon the info in the dictionary to print out.
     
  11. hongkongboy

    sorry but i do have no idea how to do question 2 can u supply with similar code how to write a file or even create a file.

    i dont know how to read a IP address from a text file, dan can u help pleaseeeeeeeee i give u many thanks LOL
     
    #11 hongkongboy, Mar 24, 2010
    Last edited: Mar 24, 2010
  12. one thing you should probably know, i HATE supplying people with code, because you can't learn without doing it yourself.

    i'll give you pointers to the right direction but that's it.

    look up the concept of "dictionaries".

    a dictionary is basically like a list of pairs, {(key1, value), (key2, value), ..., (keyn, value)}

    so create a dictionary = {}

    for each new IP address, create an entry in this dictionary, and set the value to a count of 1.
    for each existing IP address in the dictionary, get the value of the IP, and add one.

    in the end you should have a dictionary that looks something like this:

    dictionary = {(IP1, n_count), (IP2, n_count), ..., (IPN, n_count)}

    for each IP_address in the dictionary, if the value is greater than or equal to 10, print the IP address.
     
  13. hongkongboy

    yeh fair play but what if ive spend many hours doing programming coding python visual studio and still dont understand even with many lecturers helping me, i think that programming is something u cant really learn or teach unless you start very early at a age

    i don know anyone who is average at programming, either u know shit all headless chicken like me or a complete pr0

    update: fuck spent over 3 hours on question 2!!!!

    question 3 here i come! rawrrrrrrrr

    dan hope ur still here to support me
     
    #13 hongkongboy, Mar 24, 2010
    Last edited: Mar 24, 2010
  14. lol i only started to program in my first year of university

    programming just requires some analytics. im average at programming, i can program something, but no way in hell am i a pro. i do shit all wrong at work. programming is a language, if you have the aptitude for languages and a basic sense of analytical thinking, you can program.

    look at this line:

    Code:
    Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2
    break it up into components.

    Is this a failed attempt? yes. from "Failed password"
    what is the IP? 218.241.173.35

    using what you wrote for question 1, if line contains "Failed password", then this is a failed attempt.
    using what you wrote for question 1, get the 15 digit string from the line, after "from "
    dict = {} #creates a dictionary
    get the keys from the dictionary. if the keys contain the IP address, get the dictionary item in question, get the value, add 1
    if the IP is not in the dictionary, create a new dictionary item, where the key = IP address, and the value = 1
    once you finish going through all the lines, iterate through all of your dictionary items. if there is one item where the value is greater than 10, print out the IP of that item.

    i can't put it any simpler unless i write the code for you, which i refuse to do. sorry
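
The dictionary-counting logic described in posts 6, 12 and 14, as an added Python 3 example that is not code from any poster in this thread. It assumes the sshd line format quoted above and counts only "Failed password" lines; the function names and the sample lines are constructed for illustration, and a regular expression is used instead of a fixed-width slice because addresses vary in length.

```python
import re
from collections import Counter
# End-anchored: the user name is supplied by the remote client, so the source
# address is read from the fixed tail of the line, never from inside the name.
FAILED = re.compile(
    r"^(?P<day>[A-Z][a-z]{2}\s+\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def analyse(lines, threshold=10):
    """Count failed logins; blacklist = IPs with more than `threshold` failures."""
    root, per_ip, per_day, per_day_ip = 0, Counter(), Counter(), Counter()
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if m is None:      # pam_unix and other lines are skipped, so each
            continue       # attempt is counted once, not twice
        day = " ".join(m.group("day").split())   # "Jan  9" -> "Jan 9"
        ip = m.group("ip")
        if m.group("user") == "root":
            root += 1
        per_ip[ip] += 1
        per_day[day] += 1
        per_day_ip[(day, ip)] += 1
    blacklist = sorted(ip for ip, n in per_ip.items() if n > threshold)
    return {"root": root, "per_ip": per_ip, "per_day": per_day,
            "per_day_ip": per_day_ip, "blacklist": blacklist}

def write_blacklist(ips, path="blacklistips.txt"):
    with open(path, "w") as fh:
        fh.writelines(ip + "\n" for ip in ips)

def constructed_log():
    """Constructed sample lines in the format quoted in the thread."""
    fmt = "%s 09:32:%02d j4-be03 sshd[%d]: Failed password for %s from %s port %d ssh2"
    log = [fmt % ("Jan 10", i, 3876 + i, "root", "218.241.173.35", 47084 + i)
           for i in range(11)]
    log += [fmt % ("Jan 11", i, 4000 + i, "invalid user admin", "192.0.2.7", 50000 + i)
            for i in range(10)]
    log.append("Jan 11 10:00:00 j4-be03 sshd[4100]: pam_unix(sshd:auth): authentication "
               "failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.7 user=root")
    # A user name that itself contains "from <address>" must not be counted as a source.
    log.append(fmt % ("Jan 11", 59, 4101, "invalid user x from 198.51.100.1",
                      "203.0.113.9", 51000))
    return log

if __name__ == "__main__":
    result = analyse(constructed_log())
    write_blacklist(result["blacklist"])
    print(result["root"], result["blacklist"], dict(result["per_day"]))
```

In the constructed sample, 192.0.2.7 has exactly 10 failures and stays off the list, because the assignment asks for more than 10.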
     
  15. hongkongboy

    thank u very much but you could have posted that earlier i finish question 2 i used regular expressions very complex but worked

    on question 3 now
     
  16. well im SORRY for trying to help >.>

    my previous post was identical to the post before that. i figured you'd understand the previous post before my last one, so i'm sorry i didn't simplify it further for you. >.>

    w/e im out of this thread. good luck to you.
     
  17. hongkongboy

  18. wow lol

    so just because i don't give you the code so you may learn, and even gave you some direction as to how you can write the code, you call me a tool?

    you're welcome, ungrateful jackass. go fail school

    edit: mods, please close this thread, it's fucking useless. it's going to turn into a flame war soon.
     
    #18 Dan, Mar 24, 2010
    Last edited: Mar 24, 2010
  19. hongkongboy

    hope you die too lol

    ye close this thread i found out a few people found out im using this forum

    i remove some of my codes already whole uni people using them

    tbh i posted this assignment up cos i need help note what i said i had no clue in python and thought i will try a sneaky trick and get some answer and tbh you just a useless fuck that talk shit just that lectures

    if i dont understand python i dont understand i ask a question but u come back with another question your just one of those useless programming geeks/lecturers think they solid with stuff and mr perfect bla bla bla

    i mean you could have told me from the start u are not willing to give any codes wat so ever
    rather taking me in circle talking shit

    but fair play dan thanks for replying

    but thanks for nothing more like haha

    one more thing you said u told me "how" to write the code but tbh you didnt, you said a whole bunch of jargon too technical buddy
     
  20. i gave you the logic for your code. the logic is the harder part of programming. python syntax is easy to figure out.

    i gave you the logic, so you can focus on the actual implementation of the code, which is the easy part. i might as well have done the whole assignment for you and put my name on your assignment.

    ain't my fault you couldn't figure out the rest -shrug