init
This commit is contained in:
commit
68cd4b57da
21
ips.go
Normal file
21
ips.go
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
package hmm
|
||||||
|
|
||||||
|
import (
|
||||||
|
"regexp"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Failed password for root from 43.229.53.57 port 62954 ssh2
|
||||||
|
// message repeated 2 times: [ Failed password for root from 43.229.53.57 port 32871 ssh2]
|
||||||
|
var p = regexp.MustCompile(`Failed password for .* from (.*) port`)
|
||||||
|
|
||||||
|
// ParseIP finds the ip address from an sshd log line that contains a failed
|
||||||
|
// password attempt.
|
||||||
|
func ParseIP(line string) string {
|
||||||
|
if m := p.FindStringSubmatch(line); m != nil {
|
||||||
|
if len(m) != 2 {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
return string(m[1])
|
||||||
|
}
|
||||||
|
return ""
|
||||||
|
}
|
||||||
20
ips_test.go
Normal file
20
ips_test.go
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
package hmm
|
||||||
|
|
||||||
|
import "testing"
|
||||||
|
|
||||||
|
func TestIPs(t *testing.T) {
|
||||||
|
{
|
||||||
|
s := "Failed password for root from 43.229.53.57 port 62954 ssh2"
|
||||||
|
ip := ParseIP(s)
|
||||||
|
if ip == "" {
|
||||||
|
t.Fatalf("didn't find ip, should have")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{
|
||||||
|
s := "Oct 10 12:35:46 impa sshd[13226]: Received disconnect from 116.31.116.6 port 58923:11: [preauth]"
|
||||||
|
ip := ParseIP(s)
|
||||||
|
if ip != "" {
|
||||||
|
t.Fatalf("found ip, shouldn't have")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue
Block a user