File: auth.rb

package info (click to toggle)
mikutter 3.5.0%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 10,256 kB
  • ctags: 2,165
  • sloc: ruby: 19,079; sh: 205; makefile: 20
file content (81 lines) | stat: -rw-r--r-- 3,278 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
#-*- coding: utf-8 -*-
#
# Auth
# ログイン履歴をつぶやくプラグイン
#

require File.expand_path(File.join(File.dirname(__FILE__),'..', 'utils'))
miquire :plugin, 'plugin'
miquire :core, 'autotag'

Module.new do
  AuthDebugMode = false

  reg_sshlogin = /Accepted ([^\s]+) for ([^\s]+) from ([^\s]+) port ([^\s]+) (ssh[^\s]+)/
  localip = /^(10|127|192|169\.254|172\.(1[6-9]|2\d|30|31))\./
  size = 0
  @movable = lazy{ FileTest.readable_real?(auth_log_file) }
  logsize = lazy{ if (@movable && !AuthDebugMode) then FileTest.size(auth_log_file) else 0 end }

  plugin = Plugin::create(:auth)
  plugin.add_event(:period){ |service|
    if (log_avail? and has_newlog?) then
      log_read { |log|
        parse = reg_sshlogin.match(log)
        if parse then
          notice "auth: log receive '#{log.chomp}' > match"
          vals = parse.to_a
          vals[0] = log
          Hash[*[:log, :auth, :user, :host, :port, :protocol].zip(vals).flatten]
        else
          notice "auth: log receive '#{log.chomp}' > not match"
          nil
        end
      }.compact.each{ |log|
        if(log[:user] == "root") then
          if(localip === log[:host]) then
            # for root login by local
            return service.post(:message => "#{log[:host]}からrootでのログインを確認。",
                                :tags => [:auth,:warn])
          else
            # for root login by remote
            return service.post(:message => "#{log[:host]}からrootでのログインを確認。",
                                :tags => [:auth, :critical])
          end
        elsif(log[:auth] == "password" && !(localip === log[:host])) then
          # for password login by remote
          return service.post(:message => "#{log[:host]}からユーザ#{log[:user]}でパスワードでのログインを確認。グローバルからは公開鍵のほうがいいと思う。",
                              :tags => [:auth, :warn])
        elsif(log[:auth] == "password") then
          # for password login by local
          return service.post(:message => "#{log[:host]}からユーザ#{log[:user]}でパスワードでのログインを確認。",
                              :tags => [:auth, :notice])
        elsif(!(localip === log[:host])) then
          # for not password login by remote
          return service.post(:message => "#{log[:host]}からユーザ#{log[:user]}でのログインを確認。",
                              :tags => [:auth, :notice]) end } end }

  # 監視を実行すべきかどうかを判定する。
  # もし、一度ログを削除されていたら、@logsizeを0に設定する
  def self.log_avail?()
    if (@movable and FileTest.exist?(auth_log_file)) then
      true
    else
      logsize = 0
      false end end

  # 新しいログがあるようであれば真を返す
  def self.has_newlog?()
    logsize = FileTest.size(auth_log_file)
    logsize > logsize end

  def self.log_read(offset=logsize)
    logsize = FileTest.size(auth_log_file)
    notice "auth: read file #{auth_log_file} from #{offset} bytes"
    IO.read(logfile, nil, offset).map{ |r| yield(r) } end

  def self.auth_log_file()
    if(AuthDebugMode)
      'auth.log'
    else
      '/var/log/auth.log' end end end