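def __guard_thread(self):
    """Poll recent SSH events and queue source IPs with repeated failures.

    Runs until ``self._exit_flag`` is set. On each pass it loads the
    ``KokkuriSSHEvent`` rows created within the last two minutes that are
    not deleted and have ``result == 0``, counts them per ``source_ip``,
    and puts the list of addresses with five or more such events on
    ``self.evil_task_queue``. It then sleeps five seconds.

    NOTE(review): nothing here catches exceptions, so a failing query ends
    this thread and detection stops; confirm the caller supervises or
    restarts it.
    """
    logger.info("SSHD Guard start.")
    session = Session()
    try:
        while not self._exit_flag:
            logger.debug("Checking...")
            # Derive both window edges from one timestamp so the window is
            # exactly two minutes wide.
            # NOTE(review): assumes created_time is stored as naive local
            # time comparable with datetime.now(); if the column is UTC the
            # window would miss events. Confirm against the model.
            current_time = datetime.datetime.now()
            last_time = current_time - datetime.timedelta(minutes=2)
            logger.debug("current_time")
            logger.debug(current_time)
            logger.debug("last_time")
            logger.debug(last_time)
            # result == 0 presumably marks a failed login (the counter
            # below is named fail_count); verify against the model.
            ssh_event_qs = session.query(KokkuriSSHEvent).filter(
                KokkuriSSHEvent.is_deleted == 0,
                KokkuriSSHEvent.created_time < current_time,
                KokkuriSSHEvent.created_time > last_time,
                KokkuriSSHEvent.result == 0,
            ).all()
            # Presumably ends the read transaction so the next poll sees
            # newly inserted rows; confirm.
            session.commit()
            logger.debug("ssh event qs")
            logger.debug(ssh_event_qs)

            # Count matching events per source address.
            analyze_dict = dict()
            for qs in ssh_event_qs:
                source_ip = qs.source_ip
                analyze_dict[source_ip] = analyze_dict.get(source_ip, 0) + 1
            logger.debug(analyze_dict)

            # TODO: the original listed two follow-up items here; their text
            # is unreadable (mis-encoded) in the source.

            # Addresses with five or more matching events in the window.
            # NOTE(review): no state is kept between passes, so an address
            # is queued again on every poll while it stays above the
            # threshold; confirm the queue consumer de-duplicates.
            evil_ip = [
                ip
                for ip, fail_count in analyze_dict.items()
                if fail_count >= 5
            ]
            if evil_ip:
                self.evil_task_queue.put(evil_ip)

            # Pause between polls.
            time.sleep(5)
    finally:
        # Release the database session when the loop ends for any reason.
        session.close()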