feat: recode scanner logic, add sshd service, add journald support, recode test for parser, update daemon, update config template
All checks were successful
build / build (push) Successful in 2m27s
All checks were successful
build / build (push) Successful in 2m27s
This commit is contained in:
d3m0k1d
54
internal/parser/sshd.go
Normal file
54
internal/parser/sshd.go
Normal file
@@ -0,0 +1,54 @@
|
||||
package parser
|
||||
|
||||
import (
|
||||
"regexp"
|
||||
|
||||
"github.com/d3m0k1d/BanForge/internal/logger"
|
||||
"github.com/d3m0k1d/BanForge/internal/storage"
|
||||
)
|
||||
|
||||
type SshdParser struct {
|
||||
pattern *regexp.Regexp
|
||||
logger *logger.Logger
|
||||
}
|
||||
|
||||
func NewSshdParser() *SshdParser {
|
||||
pattern := regexp.MustCompile(
|
||||
`^([A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(\S+)\s+sshd(?:-session)?\[(\d+)\]:\s+Failed\s+(\w+)\s+for\s+(?:invalid\s+user\s+)?(\S+)\s+from\s+(\S+)\s+port\s+(\d+)`,
|
||||
)
|
||||
return &SshdParser{
|
||||
pattern: pattern,
|
||||
logger: logger.New(false),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *SshdParser) Parse(eventCh <-chan Event, resultCh chan<- *storage.LogEntry) {
|
||||
// Group 1: Timestamp, Group 2: hostame, Group 3: pid, Group 4: Method auth, Group 5: User, Group 6: IP, Group 7: port
|
||||
go func() {
|
||||
for event := range eventCh {
|
||||
matches := p.pattern.FindStringSubmatch(event.Data)
|
||||
if matches == nil {
|
||||
continue
|
||||
}
|
||||
resultCh <- &storage.LogEntry{
|
||||
Service: "ssh",
|
||||
IP: matches[6],
|
||||
Path: matches[5], // user
|
||||
Status: "Failed",
|
||||
Method: matches[4], // method auth
|
||||
IsViewed: false,
|
||||
}
|
||||
p.logger.Info(
|
||||
"Parsed ssh log entry",
|
||||
"ip",
|
||||
matches[6],
|
||||
"user",
|
||||
matches[5],
|
||||
"method",
|
||||
matches[4],
|
||||
"status",
|
||||
"Failed",
|
||||
)
|
||||
}
|
||||
}()
|
||||
}
|
||||
Reference in New Issue
Block a user