#!/usr/bin/env python

import os
import signal
import string
import subprocess
import sys
import time

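def signal_handler(signum, frame):
    """Announce the shutdown on stdout and terminate the process.

    main() registers this handler for SIGINT and SIGTERM.  Both arguments
    come from the signal machinery and are not inspected.

    Raises:
        SystemExit: always, via sys.exit().
    """
    # The original declared an unused ``global interface`` and had an
    # unreachable ``return`` after sys.exit(); both are dropped.
    # print(...) with a single string behaves the same on Python 2 and 3.
    print("[    infect][00000000] Signal caught.")
    print("[    infect][00000000] Sniffing off")

    sys.exit()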

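# Status file: one line per target in the form "<type> <target> <url>".
_INFECT_FILE = '/opt/td-config/run/rcs/infect'
# Scratch copy used while rewriting the status file.
_INFECT_TMP = '/opt/td-config/run/rcs/infect.tmp'

# Syslog message fragments and the one-letter code stored for each.
# Order matters: the first fragment found in a line decides the code.
_ATTACK_MARKERS = (
    ("Inject Exe attack successful", "E"),
    ("Inject Html Java attack successful", "J"),
    ("Inject Html Flash attack successful", "F"),
    ("Inject Html File attack successful", "H"),
    ("Inject Upgrade attack successful", "U"),
    ("Replace attack successful", "R"),
)


def _parse_event(line):
    """Return ``(target, entry)`` for a recognised syslog line, else None.

    ``entry`` is the text written to the status file:
    ``"<type> <target> <url>\\n"``.  The target and URL are taken from the
    ``=> [target] [url] `` portion of the line.
    """
    atype = None
    for marker, code in _ATTACK_MARKERS:
        if marker in line:
            atype = code
            break
    if atype is None:
        return None

    start = line.find("=> [")
    if start == -1:
        # The original sliced from index -1 + 4 here and stored part of the
        # message as the target; a line without the marker is now skipped.
        return None
    target = line[start + 4:]

    split = target.find("] [")
    if split == -1:
        return None
    url = target[split + 3:]
    target = target[:split]

    # As in the original: when "] " is absent find() returns -1, so only
    # the final character of the remainder is dropped.
    url = url[:url.find("] ")]

    return target, atype + ' ' + target + ' ' + url + '\n'


def _record_event(target, entry):
    """Write ``entry`` to the status file, one line per target.

    Lines whose target field equals ``target`` are replaced by ``entry``;
    if no line matches, ``entry`` is appended.
    """
    try:
        with open(_INFECT_FILE, 'r') as current:
            lines = current.readlines()
    except (IOError, OSError):
        # File missing or unreadable: fall through to the append path,
        # which recreates it (the original did the same when grep failed).
        lines = []

    replaced = False
    updated = []
    for line in lines:
        # Skip the "<type> " prefix and the newline, then cut at the first
        # space to isolate the stored target (same slicing as the original).
        known = line[2:len(line) - 1]
        known = known[0:known.find(" ")]
        if known == target:
            updated.append(entry)
            replaced = True
        else:
            updated.append(line)

    if not replaced:
        with open(_INFECT_FILE, 'a') as out:
            out.write(entry)
        return

    # Write the new content next to the file and rename it into place, so
    # a reader never sees a half-written status file.
    with open(_INFECT_TMP, 'w') as tmp:
        tmp.writelines(updated)
    os.rename(_INFECT_TMP, _INFECT_FILE)


def main():
    """Follow /var/log/syslog and keep the status file up to date.

    Installs the SIGINT/SIGTERM handler, resets the files under
    /opt/td-config/run/rcs/, then reads ``tail -f`` output line by line and
    records every line that _parse_event() recognises.  Returns when the
    tail process closes its output.

    Changes from the original:

    * ``os`` was never imported, so every ``os.remove``/``os.makedirs`` call
      raised NameError inside a bare ``except`` and did nothing.  The calls
      now run and only OSError is ignored.
    * The target field comes from a syslog line, and syslog can be written
      to by other processes, so it is untrusted text.  The original
      interpolated it into ``grep -i '...'`` run with ``shell=True``; the
      lookup is now done in Python and no shell is started anywhere.
    * The original decided "already known" with a case-insensitive regex
      search over the whole file but replaced lines only on an exact target
      match, so a partial match silently dropped the new entry.  Both steps
      now use the same exact comparison.
    * At end of stream ``readline()`` returns an empty string; the original
      kept looping on it.  The loop now ends.
    """
    signal.signal(signal.SIGINT, signal_handler)
    signal.signal(signal.SIGTERM, signal_handler)

    print("[    infect][00000000] Sniffing on")

    # Drop leftovers from a previous run; a missing file is not an error.
    for stale in (_INFECT_FILE,
                  _INFECT_TMP,
                  '/opt/td-config/run/rcs/infect.tmp2'):
        try:
            os.remove(stale)
        except OSError:
            pass

    # makedirs creates /opt/td-config/run/ on the way.  An existing
    # directory raises OSError, which is ignored; any other failure shows
    # up at the open() below.
    try:
        os.makedirs('/opt/td-config/run/rcs/')
    except OSError:
        pass

    # Start from an empty status file.
    with open(_INFECT_FILE, "w+"):
        pass

    # Argument list instead of a shell string: no shell is involved.
    # universal_newlines=True yields str lines on both Python 2 and 3.
    # NOTE(review): stderr is piped but never read, as in the original.
    tail = subprocess.Popen(
        ['/usr/bin/tail', '-f', '/var/log/syslog'],
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        universal_newlines=True
    )

    while True:
        line = tail.stdout.readline()
        if not line:
            # tail exited or closed its stdout; nothing more will arrive.
            break

        event = _parse_event(line)
        if event is None:
            continue

        _record_event(*event)

    return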

# Start the monitor only when the file is run as a script, not on import.
if __name__ == "__main__":
    main()
