I have completed Part 1 and if you finish part 2 soon enough I will do the 800 word report. Just the coding I need really.
PART 2 - Python Scripting
Produce a working program, with verbose commentary, based on the following requirements:
You have been put in charge of administering a Linux system. You have been hacked and you need to identify how and who. To assist your investigation you will need to create a Python program.
You are required to create a Python program that will parse the contents of the Apache log file and SSH log file, both found on Blackboard, and perform the following tasks:
1. Find how many attempts were made with the bin account.
2. If certain IP addresses have more than 30 failed attempts, create a blacklist file (blacklistips.txt) and save the IP addresses within it.
3. Identify how many attacks were logged per hour.
4. Identify how many attacks were logged, per hour, per IP.
5. Compare the results from the Webserver’s log and those from the SSH logs and create a new text file with a new entry describing the correlation of both events.
6. Identify the credentials used to break into both systems and write a small paragraph on your findings/assumptions.
Note: An attack, in this case, will be anything that starts with a ‘Failed password for’.
I can send log files.
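
An added example, not part of the original post: one way to cover tasks 1 to 4 for the SSH log only (the Apache correlation in tasks 5 and 6 is not attempted). It assumes the standard OpenSSH syslog line shape, since the assignment's log files are not shown here; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape (standard OpenSSH syslog output, not taken from the assignment's files):
#   "Mar  3 10:15:22 host sshd[411]: Failed password for [invalid user ]NAME from IP port N ssh2"
FAILED = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyse(lines, account="bin", threshold=30):
    """Count failed SSH logins per account, per hour and per hour/IP (tasks 1-4)."""
    by_account, by_ip, per_hour, per_hour_ip = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = FAILED.match(line)
        if not m:  # accepted logins, disconnects etc. are not "attacks" under the note
            continue
        # Syslog timestamps carry no year, so the bucket key is month/day/hour only.
        hour = f"{m['mon']} {int(m['day']):02d} {m['hour']}:00"
        by_account[m["user"]] += 1
        by_ip[m["ip"]] += 1
        per_hour[hour] += 1
        per_hour_ip[(hour, m["ip"])] += 1
    # "More than 30" is strict: an IP with exactly 30 failures is not listed.
    blacklist = sorted(ip for ip, n in by_ip.items() if n > threshold)
    return {"account_attempts": by_account[account], "blacklist": blacklist,
            "per_hour": per_hour, "per_hour_ip": per_hour_ip}

def write_blacklist(ips, path="blacklistips.txt"):
    """Write one blacklisted IP per line (task 2)."""
    with open(path, "w") as fh:
        fh.writelines(ip + "\n" for ip in ips)

def sample_log():
    """Constructed sample lines using documentation-range IPs; not real log data."""
    tail = "port 40000 ssh2"
    lines = [f"Mar  3 10:{i:02d}:05 web01 sshd[411]: Failed password for invalid user bin "
             f"from 192.0.2.10 {tail}" for i in range(31)]
    lines += [f"Mar  3 11:00:{i:02d} web01 sshd[412]: Failed password for root "
              f"from 198.51.100.7 {tail}" for i in range(30)]
    lines.append(f"Mar  3 11:05:00 web01 sshd[413]: Accepted password for root from 198.51.100.7 {tail}")
    lines.append(f"Mar  3 11:06:00 web01 sshd[414]: Failed password for bin from 203.0.113.5 {tail}")
    return lines

if __name__ == "__main__":
    result = analyse(sample_log())
    write_blacklist(result["blacklist"])
    print("bin attempts:", result["account_attempts"])
    for hour, count in sorted(result["per_hour"].items()):
        print(hour, count)
```

For a real run, pass the open log file object to `analyse()` in place of `sample_log()`.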