This commit is contained in:
Stephen McQuay 2017-05-12 13:33:21 -07:00
commit 68cd4b57da
No known key found for this signature in database
GPG Key ID: 1ABF428F71BAFC3D
2 changed files with 41 additions and 0 deletions

21
ips.go Normal file
View File

@ -0,0 +1,21 @@
package hmm
import (
"regexp"
)
// Failed password for root from 43.229.53.57 port 62954 ssh2
// message repeated 2 times: [ Failed password for root from 43.229.53.57 port 32871 ssh2]
var p = regexp.MustCompile(`Failed password for .* from (.*) port`)
// ParseIP finds the ip address from an sshd log line that contains a failed
// password attempt.
func ParseIP(line string) string {
if m := p.FindStringSubmatch(line); m != nil {
if len(m) != 2 {
return ""
}
return string(m[1])
}
return ""
}

20
ips_test.go Normal file
View File

@ -0,0 +1,20 @@
package hmm
import "testing"
func TestIPs(t *testing.T) {
{
s := "Failed password for root from 43.229.53.57 port 62954 ssh2"
ip := ParseIP(s)
if ip == "" {
t.Fatalf("didn't find ip, should have")
}
}
{
s := "Oct 10 12:35:46 impa sshd[13226]: Received disconnect from 116.31.116.6 port 58923:11: [preauth]"
ip := ParseIP(s)
if ip != "" {
t.Fatalf("found ip, shouldn't have")
}
}
}