1. Python parser: Write a Python parser which takes a [login to view URL] file as input (and an optional date) and
returns the following summaries. A sample [login to view URL] file is attached.
python [login to view URL] --file /foo/[login to view URL] [--date DATE]
# of “Failed password” and # of “reverse mapping” attempts distributed by IP addresses for
a given date.
# of failed password attempts:
{ "2018-04-13" : { "root" : { "TOTAL" : 10,
                              "IPLIST" : { "IP1" : 4, "IP2" : 6 } },
                   "BUSER" : { "TOTAL" : 18,
                               "IPLIST" : { "IP3" : 7, "IP4" : 11 } } },
  "YYYY-MM-DD" : { user : { TOTAL : value, IPLIST : {} } }
}
The above can be interpreted as: 10 failed password attempts were made for user root on
“Date”, of which 4 came from IP1 and 6 came from IP2. If no date is given, report all entries
in the log file.
For reverse mapping, report the getaddrinfo string instead of the user.
{ "DATE" : { "[login to view URL]" : { TOTAL : 1, IPLIST : {} } } }
Hints: strings to look out for
Reverse mapping: “reverse mapping checking getaddrinfo for [login to view URL] [[login to view URL]] failed - POSSIBLE BREAK-IN ATTEMPT!”
Failed password: “Failed password for root from [login to view URL] port 63858 ssh2”
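
One way to build the summaries described above, as an added example that is not part of the original posting. It assumes classic syslog lines ("Mon DD HH:MM:SS host sshd[pid]: ...") that carry no year, so the year comes from a hypothetical --year option; summarize, the sample lines and their documentation-range IPs are constructed for illustration.

```python
import argparse
import json
import re
from datetime import datetime
from pathlib import Path

# Assumed line prefix: classic syslog "Apr 13 06:25:01 host sshd[123]: ..." (no year).
PREFIX = re.compile(r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: (?P<msg>.*)$")
# The user field is client-supplied and greedy here: if it contains " from ",
# the last "from IP port N ssh2" on the line is the one that is counted.
FAILED = re.compile(r"^Failed password for (?:invalid user )?(?P<key>.*) from (?P<ip>\S+) port \d+ ssh2\s*$")
REVMAP = re.compile(r"^reverse mapping checking getaddrinfo for (?P<key>\S+) \[(?P<ip>[^\]]+)\] failed")
# Constructed sample input (not the file attached to the posting).
SAMPLE = [
    "Apr 13 06:25:01 web1 sshd[1001]: Failed password for root from 192.0.2.10 port 63858 ssh2",
    "Apr 13 06:25:03 web1 sshd[1001]: Failed password for root from 192.0.2.10 port 63860 ssh2",
    "Apr 13 06:26:10 web1 sshd[1002]: Failed password for root from 198.51.100.7 port 40022 ssh2",
    "Apr 13 06:27:00 web1 sshd[1003]: Failed password for invalid user buser from 203.0.113.5 port 51000 ssh2",
    "Apr 13 06:27:30 web1 sshd[1004]: reverse mapping checking getaddrinfo for host.example.net [203.0.113.5] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Apr 14 01:00:00 web1 sshd[1005]: Failed password for root from 192.0.2.10 port 50001 ssh2",
]


def summarize(lines, year, date=None):
    """Return (failed, revmap), each {date: {user_or_host: {"TOTAL": n, "IPLIST": {ip: n}}}}."""
    failed, revmap = {}, {}
    for line in lines:
        head = PREFIX.match(line)
        if not head:
            continue  # not an sshd line in the assumed format
        try:
            day = datetime.strptime(f"{year} {head['mon']} {head['day']}", "%Y %b %d").strftime("%Y-%m-%d")
        except ValueError:
            continue  # impossible calendar date, skip the line
        if date and day != date:
            continue
        for pattern, out in ((FAILED, failed), (REVMAP, revmap)):
            hit = pattern.match(head["msg"])
            if hit:
                entry = out.setdefault(day, {}).setdefault(hit["key"], {"TOTAL": 0, "IPLIST": {}})
                entry["TOTAL"] += 1
                entry["IPLIST"][hit["ip"]] = entry["IPLIST"].get(hit["ip"], 0) + 1
    return failed, revmap

if __name__ == "__main__":
    ap = argparse.ArgumentParser()
    ap.add_argument("--file")
    ap.add_argument("--date", help="YYYY-MM-DD")
    ap.add_argument("--year", type=int, default=datetime.now().year)  # hypothetical option
    args = ap.parse_args()
    lines = Path(args.file).read_text(errors="replace").splitlines() if args.file else SAMPLE
    print(json.dumps(dict(zip(("failed_password", "reverse_mapping"), summarize(lines, args.year, args.date))), indent=2))
```

Run without --file, it summarizes the constructed sample lines.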