{ "info": { "author": "Giuseppe De Marco", "author_email": "giuseppe.demarco@unical.it", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "License :: OSI Approved :: BSD License", "Programming Language :: Python :: 2", "Programming Language :: Python :: 3" ], "description": "# xt_recent_parser\nTool used for converting jiffies from iptables xt_recent into timestamps.\n\nAn example of xt_recent log can be like this, where only 2 syn connections in 20 seconds are allowed:\n\n````\nexport IPT=iptables\nexport SSH_PORT=22\nexport HITCOUNT=3 # 2 syn connection (<3)\nexport SECONDS=20 # in 20 seconds are allowed\n\n\n# --rcheck: Check if the source address of the packet is currently in the list.\n# --update: Like --rcheck, except it will update the \"last seen\" timestamp if it matches.\n\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m state --state NEW -m recent --set --name sshguys --rsource\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m state --state NEW -m recent --rcheck --seconds $SECONDS --hitcount $HITCOUNT --rttl --name sshguys --rsource -j LOG --log-prefix \"BLOCKED SSH (brute force)\" --log-level 4 -m limit --limit 1/minute --limit-burst 5\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m recent --rcheck --seconds $SECONDS --hitcount $HITCOUNT --rttl --name sshguys --rsource -j REJECT --reject-with tcp-reset\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m recent --update --seconds $SECONDS --hitcount $HITCOUNT --rttl --name sshguys --rsource -j REJECT --reject-with tcp-reset\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m state --state NEW,ESTABLISHED -j ACCEPT\n````\n\nIn syslog we can see blocked connections :\n\n````\nMar 26 14:06:41 cloudone-cla kernel: [5339977.637052] BLOCKED SSH (brute force)IN=eth0 OUT= MAC=00:50:56:92:00:04:00:14:c2:61:09:be:08:00 SRC=95.142.177.153 DST=160.97.104.18 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42489 DF PROTO=TCP SPT=44636 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 \n````\n\nIt only needs Python3:\n\n````\nroot@cloudone-cla:~/xt_recent_parser# python3 xt_recent_parser.py \nXT_RECENT python parser\n\n\n\nStandard readable view:\n190.102.72.44, last seen: 2017-03-26 13:31:55 after 1 connections\n187.112.185.153, last seen: 2017-03-26 13:28:07 after 2 connections\n95.142.177.153, last seen: 2017-03-26 13:27:31 after 12 connections\n\nCSV view:\nip_src;last_seen;connections;deltas_mean;delta_seconds\n190.102.72.44;2017-03-26 13:31:55.462201;1;0;\n187.112.185.153;2017-03-26 13:28:07.168819;2;0.0;0\n95.142.177.153;2017-03-26 13:27:31.976049;12;1.7272727272727273;1,1,1,1,1,1,2,3,3,1,4\n\n````\n\nIn CSV format there will be available time delta mean and time deltas in seconds for every attempt.\n\nPelase remember to edit the xt_recent file path to make it works as desidered:\n\n````\n# at the begin of xt_recent_parser.py\n_fpath = '/proc/net/xt_recent/sshguys'\n\n# or in object creation:\nxt = XtRecentTable(fpath=\"/proc/net/xt_recent/sshguys\")\n````\n\n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/peppelinux/iptables_xt_recent_parser", "keywords": "", "license": "BSD", "maintainer": "", "maintainer_email": "", "name": "iptables-xt-recent-parser", "package_url": "https://pypi.org/project/iptables-xt-recent-parser/", "platform": "", "project_url": "https://pypi.org/project/iptables-xt-recent-parser/", "project_urls": { "Homepage": "https://github.com/peppelinux/iptables_xt_recent_parser" }, "release_url": "https://pypi.org/project/iptables-xt-recent-parser/0.4/", "requires_dist": null, "requires_python": "", "summary": "Tool used for converting jiffies from iptables xt_recent into timestamps.", "version": "0.4" }, "last_serial": 4799665, "releases": { "0.3": [ { "comment_text": "", "digests": { "md5": "46f959c871006aa7cfd2fe5a97db4b95", "sha256": "6c2359e28c8d47a5318aca313114cb63405c043da2c1e9cf33cc755c0892a176" }, "downloads": -1, "filename": "iptables_xt_recent_parser-0.3-py3-none-any.whl", "has_sig": false, "md5_digest": "46f959c871006aa7cfd2fe5a97db4b95", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 30487, "upload_time": "2019-02-09T15:51:44", "url": "https://files.pythonhosted.org/packages/1e/f9/8e0e94990dd3375d7c04492ff4d5aff49907c0eb83f9bdf02f7b5fe153a0/iptables_xt_recent_parser-0.3-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7c9bdac52327afcea7b5c743bd76a145", "sha256": "567659553dcf7a1699fb85140cddf00e42eee704e9e5cfbaecaeecc63d83d416" }, "downloads": -1, "filename": "iptables_xt_recent_parser-0.3.tar.gz", "has_sig": false, "md5_digest": "7c9bdac52327afcea7b5c743bd76a145", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5377, "upload_time": "2019-02-09T15:51:46", "url": "https://files.pythonhosted.org/packages/f7/6f/fbe8d54c80df7ccfa4a4a918c6e60dcd0ae8c9145eecf5ef231af80c7e0f/iptables_xt_recent_parser-0.3.tar.gz" } ], "0.4": [ { "comment_text": "", "digests": { "md5": "9f13c27ab0da1c65eb7883e185d283ef", "sha256": "3332155534894c8147ff5394c8dc1151fdfd5f4f0fb58e13cfb971dd87ca5fa9" }, "downloads": -1, "filename": "iptables_xt_recent_parser-0.4-py3-none-any.whl", "has_sig": false, "md5_digest": "9f13c27ab0da1c65eb7883e185d283ef", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 30625, "upload_time": "2019-02-09T16:09:12", "url": "https://files.pythonhosted.org/packages/b9/f5/83931843a044645c3421af58fa458a2e1e628cfa859d349d029221f819b0/iptables_xt_recent_parser-0.4-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "30171d93917419e29db47ae147599dfd", "sha256": "4be0204584d47ee7e4c7e1051e3cdc3d827f36c2fe3814e3c718acf0f102a872" }, "downloads": -1, "filename": "iptables_xt_recent_parser-0.4.tar.gz", "has_sig": false, "md5_digest": "30171d93917419e29db47ae147599dfd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5387, "upload_time": "2019-02-09T16:09:13", "url": "https://files.pythonhosted.org/packages/9d/1d/545d0134c09e8699f63757ef1cac5d880d30e6f1d251082bc92c12bbf334/iptables_xt_recent_parser-0.4.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "9f13c27ab0da1c65eb7883e185d283ef", "sha256": "3332155534894c8147ff5394c8dc1151fdfd5f4f0fb58e13cfb971dd87ca5fa9" }, "downloads": -1, "filename": "iptables_xt_recent_parser-0.4-py3-none-any.whl", "has_sig": false, "md5_digest": "9f13c27ab0da1c65eb7883e185d283ef", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 30625, "upload_time": "2019-02-09T16:09:12", "url": "https://files.pythonhosted.org/packages/b9/f5/83931843a044645c3421af58fa458a2e1e628cfa859d349d029221f819b0/iptables_xt_recent_parser-0.4-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "30171d93917419e29db47ae147599dfd", "sha256": "4be0204584d47ee7e4c7e1051e3cdc3d827f36c2fe3814e3c718acf0f102a872" }, "downloads": -1, "filename": "iptables_xt_recent_parser-0.4.tar.gz", "has_sig": false, "md5_digest": "30171d93917419e29db47ae147599dfd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5387, "upload_time": "2019-02-09T16:09:13", "url": "https://files.pythonhosted.org/packages/9d/1d/545d0134c09e8699f63757ef1cac5d880d30e6f1d251082bc92c12bbf334/iptables_xt_recent_parser-0.4.tar.gz" } ] }