Posts: 53
Threads: 7
Joined: Jul 2019
Aug-17-2019, 12:52 AM
(This post was last modified: Aug-17-2019, 12:57 AM by raymond2688.)
I am trying to get just the user name that is between invalid user and from the following code is what i have
with open("auth.log.1") as auth_log:
for line in auth_log:
if "Failed password" in line:
start = line.find("invalid user")
end = line.find(" from")
name = line[start:end]
print("{}".format(name)) I think this is my problem because it prints out "invalid user" and the user name
start = line.find("invalid user") I want it to start with the space after the r in user. Any help would be greatly appreciated. Thank you in advance
This is my output
Output: invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
invalid user root
Posts: 4,229
Threads: 97
Joined: Sep 2016
The find method returns the start of the substring in the string. So your start variable is set to the beginning of the word 'user', that is, to the 'u'. You want to add five to it so your slice skips over the word 'user' and the space after it.
Posts: 53
Threads: 7
Joined: Jul 2019
(Aug-17-2019, 02:13 AM)ichabod801 Wrote: The find method returns the start of the substring in the string. So your start variable is set to the beginning of the word 'user', that is, to the 'u'. You want to add five to it so your slice skips over the word 'user' and the space after it.
I tried this which is what I think you mean
start = line.find("invalid user"[5:]) But it only takes out inval
I can only go up to 9 then it changes everything from
Output: id user root
id user root
id user root
id user root
id user root
id user root
id user root
id user root
id user roo
to this
Output: er sshd[6488]: Failed password for invalid user root
er sshd[6490]: Failed password for invalid user root
er sshd[6490]: message repeated 2 times: [ Failed password for invalid user root
er sshd[6492]: Failed password for invalid user root
er sshd[6488]: message repeated 5 times: [ Failed password for invalid user root
er sshd[6492]: message repeated 2 times: [ Failed password for invalid user root
er sshd[6494]: Failed password for invalid user root
er sshd[6496]: Failed password for invalid user root
er sshd[6494]: message repeated 2 times: [ Failed password for invalid user root
er sshd[6501]: Failed password for invalid user root
er sshd[6496]: message repeated 5 times: [ Failed password for invalid user root
er sshd[6503]: Failed password for invalid user root
er sshd[6501]: message repeated 2 times: [ Failed password for invalid user root
Posts: 4,229
Threads: 97
Joined: Sep 2016
Just add five to start. Don't slice something else. Add five to start. And that's assuming you are searching for 'user', so you need 5 characters to get past 'user '. If you are going to change the string you are searching for to 'Invalid user', you need to account for the extra length of that string. So you would need to add 13 to start. Note that if you were to slice 'Invalid user' by 13, you would get nothing. That's why you don't do that.
Posts: 53
Threads: 7
Joined: Jul 2019
(Aug-17-2019, 01:43 PM)ichabod801 Wrote: Just add five to start. Don't slice something else. Add five to start. And that's assuming you are searching for 'user', so you need 5 characters to get past 'user '. If you are going to change the string you are searching for to 'Invalid user', you need to account for the extra length of that string. So you would need to add 13 to start. Note that if you were to slice 'Invalid user' by 13, you would get nothing. That's why you don't do that.
I know that is what I need to do I just cant figure out were it goes
start = line.find("invalid user") I have tried it in many different places in the code
Posts: 1,346
Threads: 2
Joined: May 2019
start = line.find("invalid user")+13 Add 13 which is the length of "invalid user " (including the space)
Posts: 53
Threads: 7
Joined: Jul 2019
(Aug-17-2019, 05:15 PM)jefsummers Wrote: start = line.find("invalid user")+13 Add 13 which is the length of "invalid user " (including the space)
about the only thing i did not try......I was putting every attempt into []
Thank you very much
Posts: 53
Threads: 7
Joined: Jul 2019
I am on step 4 now.
I think I am doing pretty good but I have a couple issues. I am uncertain if it is actually removing dupes but keeping count of number of times a user name attempts to log in.
My other issue is my print string is wrong and I cant figure out how to make the first {} my count and second {} the user name. I am certain it is in my format
intruder_log = {}
with open("auth.log.1") as auth_log:
for line in auth_log:
if "Failed password" in line:
start = line.find("invalid user")
end = line.find(" from")
name = line[start + 13:end]
if name in intruder_log:
intruder_log[name] += 1
else:
intruder_log[name] = 1
for key in intruder_log:
print("Attackers tried {} times to log in as {}".format, key["name"])
Posts: 1,822
Threads: 2
Joined: Apr 2017
Aug-18-2019, 06:44 PM
(This post was last modified: Aug-18-2019, 06:44 PM by ndc85430.)
First, you're printing the format method, not calling it. When you do call it, it takes multiple arguments, in the same order as the placeholders, e.g.
>>> "{} {} {}".format("foo", "bar", "baz")
'foo bar baz'
>>> Also, key will be assigned the values of the keys in the dict, so the expression key["name"] doesn't make any sense.
Posts: 53
Threads: 7
Joined: Jul 2019
I get that now but that leeds to my other issue is my code counting how many time a user name is used.
(Aug-18-2019, 06:44 PM)ndc85430 Wrote: First, you're printing the format method, not calling it. When you do call it, it takes multiple arguments, in the same order as the placeholders, e.g.
>>> "{} {} {}".format("foo", "bar", "baz")
'foo bar baz'
>>> Also, key will be assigned the values of the keys in the dict, so the expression key["name"] doesn't make any sense.
So I am thinking that my print statement should look like this with the exception that i need 2 keys or values 1 being the name the other number of attempts but I cant call for the number of attempts because I think it is not counting
for key in intruder_log:
print("Attackers tried {} times to log in as {}".format("name"))# i need to add my second {}
|