📄 log_badlogins
字号:
#!/usr/bin/perl## Log failed logins in the sql database# Works with mysql and postgresql# It will read the sql parameters from the admin.conf file## Usage:# log_badlogins <radius.log> [<admin.conf>] [all]## Defaults:# radius.log: none# admin.conf: /usr/local/dialup_admin/conf/admin.conf # all: no. Go to the end of the file. Don't read it all.use Date::Manip qw(ParseDate UnixDate);use Digest::MD5;$|=1;$file=shift||'none';$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';$all_file=shift||'no';## Uncomment to force inserts even if there are sql errors. That can# help in case there is one sql query which stops the whole failed# logins logging system from working#$force=1;### CHANGE THESE TO MATCH YOUR SETUP##$regexp = 'from client localhost port 135|from client blabla ';$tmpfile='/var/tmp/sql.input';##open CONF, "<$conf" or die "Could not open configuration file\n";while(<CONF>){ chomp; ($key,$val)=(split /:\s*/,$_); # Fixme : recursivly solve %{.*} replacement for $val # Fixme: Conf should be put in an associative array $sql_type = $val if ($key eq 'sql_type'); $sql_server = $val if ($key eq 'sql_server'); $sql_username = $val if ($key eq 'sql_username'); $sql_password = $val if ($key eq 'sql_password'); $sql_database = $val if ($key eq 'sql_database'); $sql_accounting_table = $val if ($key eq 'sql_accounting_table'); $realm_strip = $val if ($key eq 'general_strip_realms'); $realm_del = $val if ($key eq 'general_realm_delimiter'); $realm_for = $val if ($key eq 'general_realm_format'); $domain = $val if ($key eq 'general_domain'); $sql_timeout = $val if ($key eq 'sql_connect_timeout'); $sql_extra = $val if ($key eq 'sql_extra_servers'); $sqlcmd = $val if ($key eq 'sql_command'); $clients= $val if ($key eq 'general_clients_conf');}close CONF;open CLIENTS, "<$clients" or die "Could not open $clients file\n";while(<CLIENTS>){ chomp; s/^\s*//g; s/\s*#.*//g; if (!/^\s*$/ && /=/) { ($key,$val)=(split /\s*=\s*/,$_); $client_short = $val if ($key eq 'shortname'); } else { if (/\{/) { s/.*client\s+([^\s]*)\s+\{.*$/\1/; if (/^\d+\.\d+\.\d+\.\d+/) { $client = $_; } else { if (/\./ || /localhost/) { $name = $_ ; } else { $name = $_.".".$domain; } $addr = gethostbyname $name; ($a,$b,$c,$d)=unpack('C4',$addr); $client = "$a.$b.$c.$d";#DEBUG# print $name." = ".$client."\n"; } } else { if (/\}/) { $client_array{$client_short} .= $client; } } }}close CLIENTS;$realm_del = '@' if ($realm_del eq '');$realm_for = 'suffix' if ($realm_for eq '');$pass = ($sql_password ne '') ? "-p$sql_password" : '';die "SQL server not defined\n" if ($sql_server eq '');die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);$opt = "";$opt = "-O connect_timeout=$sql_timeout" if ($sql_timeout);$opt .= " -f" if ($force);@servers = (split /\s+/,$sql_extra) if ($sql_extra ne '');unshift @servers, $sql_server;open LOG, "<$file" or die "Could not open file $file\n";seek LOG, 0, 2 if ($all_file eq 'no');for(;;){ while(<LOG>){ $do=0; chomp; next if ($regexp ne '' && !/$regexp/); if ($_ ne ''){ $user = $nas = $port = $caller = '-'; if (/Login incorrect/){ if (/Login incorrect \((.+?)\):/){ $cause = "Login-Incorrect ($1)"; }else{ $cause='Login-Incorrect'; } $do=1; } elsif (/Invalid user/){ if (/Invalid user \((.+?)\):/){ $cause = "Invalid-User ($1)"; }else{ $cause='Invalid-User'; } $do=1; } elsif (/Multiple logins/){ if (/MPP attempt/){ $cause='Multiple-Logins (MPP Attempt)'; }else{ $cause='Multiple-Logins'; } $do=1; } elsif (/(Outside allowed timespan \(.+?\)):/){ $cause = "$1"; $do=1; } if ($do){ $date = (split / : /,$_)[0]; $date2 = ParseDate($date); if ($date2){ ($year,$mon,$mday,$hour,$min,$sec)=UnixDate($date2,'%Y','%m','%d','%H','%M','%S'); } $time = "$year-$mon-$mday $hour:$min:$sec"; if (/\[([\w\-\.\!\@\s]+?)\]\s+\(from (.+?)\)/){ $user = $1; ($nas,$port) = (split /\s+/,$2)[1,3]; if ($2 =~ /cli (.+?)$/){ $caller = $1; } } elsif (/\[([\w\-\.\!\@\s]+?)\/.+?\]\s+\(from (.+?)\)/){ $user = $1; ($nas,$port) = (split /\s+/,$2)[1,3]; if ($2 =~ /cli (.+?)$/){ $caller = $1; } } $caller='' if (!defined($caller)); $user =~s/[^\w\-\.\d\!\@\s]//g; $nas =~s/[^\w\.\-]//g; $port =~s/[^\d]//g; $addr = $client_array{$nas}; if ($user ne '' && $realm_strip eq 'yes'){ ($one,$two) = (split /$realm_del/, $user)[0,1]; if ($two ne ''){ $user = ($realm_for eq 'suffix') ? $one : $two; } } foreach $server (@servers){ unlink "$tmpfile.$server" if ($delete{$server}); open TMP, ">>$tmpfile.$server" or die "Could not open temporary file\n"; $ctx = Digest::MD5->new; $ctx->add($user); $ctx->add($addr); $ctx->add($port); $ctx->add($time); $ctx->add('badlogin'); $uniqueid = $ctx->hexdigest;#DEBUG# print "INSERT INTO $sql_accounting_table (UserName,AcctUniqueId,NASIPAddress,NASPortId,AcctStartTime,AcctStopTime,AcctSessionTime,AcctInputOctets,AcctOutputOctets,CallingStationId,AcctTerminateCause) VALUES ('$user','$uniqueid','$addr','$port','$time','$time','0','0','0','$caller','$cause');\n"; print TMP "INSERT INTO $sql_accounting_table (UserName,AcctUniqueId,NASIPAddress,NASPortId,AcctStartTime,AcctStopTime,AcctSessionTime,AcctInputOctets,AcctOutputOctets,CallingStationId,AcctTerminateCause) VALUES ('$user','$uniqueid','$addr','$port','$time','$time','0','0','0','$caller','$cause');\n"; close TMP; $command = "$sqlcmd -h$server $opt -u$sql_username $pass $sql_database <$tmpfile.$server" if ($sql_type eq 'mysql'); $command = "$sqlcmd -U $sql_username -f $tmpfile.$server $sql_database" if ($sql_type eq 'pg'); `$command`; $exit = $? >> 8; $delete{$server} = ($exit == 0) ? 1 : 0; print "ERROR: SQL query failed for host $server\n" if ($exit != 0); } } } } if ($all_file ne 'once') { sleep 2; seek LOG,0,1; } else { exit(0); }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -