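#!/usr/bin/perl
#
# Summarise failed-authentication sources found in an auth.log style file.
#
# For every "authentication failure ... rhost=<value>" line the script records
# the first and last timestamp and the number of failures per rhost value,
# prints one summary line per value, and asks a web GEO-IP service (through
# wget) which country the address belongs to.
#
# Security notes for maintainers:
#   * The rhost value comes straight from the log and must be treated as
#     untrusted. It is never handed to a shell: wget is started with a
#     list-form pipe open, and the value is validated before being placed
#     in the URL.
#   * The log file is opened with three-argument open so that a file name
#     containing mode characters ('>', '|', ...) cannot change what open does.
#   * NOTE(review): the lookup goes over plain HTTP to a third party, so the
#     queried addresses are disclosed and the answer is unauthenticated.
#     Treat the printed country as a hint only.

# our needed packages
use strict;
use warnings;
use Getopt::Std;
use Term::ANSIColor;

# Global Variables
my $VERBOSE = 0;
my $DEBUG   = 0;

# commandline options
my $opt_string = "vdhf:";
my %opt;
unless ( getopts( $opt_string, \%opt ) ) {
    usage();
    exit(1);
}

$VERBOSE = 1 if $opt{'v'};
$DEBUG   = 1 if $opt{'d'};

if ( $opt{'h'} ) {
    usage();
    exit 0;
}

my $FILE = $opt{'f'};
debug( "File was " . ( defined $FILE ? $FILE : '' ) . "\n" );

# Refuse to continue without an existing file (also covers a missing -f).
unless ( defined $FILE and stat($FILE) ) {
    usage();
    die "Please supply a filename\n";
}

####################################################
# Main part

# %badguys maps rhost value => { startdate, lastdate, attackcount }
my %badguys;

# Three-argument open with a lexical handle: the file name is data only.
open( my $log, '<', $FILE ) or die "Error opening $FILE $!\n";

# The page this script was taken from lost the readline operand (an
# angle-bracket handle was stripped as markup); it is restored here.
while ( my $line = <$log> ) {

    # \s+ before "user" tolerates one or more spaces after the rhost value.
    if ( $line =~ /^(.*:\d\d) .*authentication failure.*rhost=(\S+)\s+user/ ) {

        # Copy the captures before calling anything else.
        my $DATE = $1;
        my $IP   = $2;

        verbose("found line: $line\n");

        if ( not $badguys{$IP}{"startdate"} ) {
            $badguys{$IP}{"startdate"} = $DATE;
        }
        $badguys{$IP}{"lastdate"} = $DATE;
        $badguys{$IP}{"attackcount"}++;
    }
}
close($log);

foreach my $IP ( keys %badguys ) {
    print "IP = ";
    print color 'bold yellow';

    # Log content is untrusted: neutralise control characters (for example
    # terminal escape sequences) before echoing the value to the screen.
    print _printable($IP);
    print color 'reset';
    print " and its first attempt to attack is: $badguys{$IP}{'startdate'} and its last attempt is: $badguys{$IP}{'lastdate'} and the total count of attacks is: $badguys{$IP}{'attackcount'} \n";
    findlocation($IP);
}

debug("script is finished,exiting...\n");
exit 0;

#####################################################
# subroutines

# Print the command-line help text.
sub usage {
    print "Usage:\n";
    print "-h for help\n";
    print "-v for verbose (more output ) \n";
    print "-d for debug (even more output)\n";
    print "-f for the auth.log file\n";
}

# Print a message when -v or -d was given.
sub verbose {
    print "VERBOSE: " . $_[0] if ( $VERBOSE or $DEBUG );
}

# Print a message when -d was given.
sub debug {
    print "DEBUG: " . $_[0] if ($DEBUG);
}

# Return a copy of the argument with ASCII control characters replaced by
# '?', so that untrusted text cannot drive the terminal.
sub _printable {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/[\x00-\x1f\x7f]/?/g;
    return $text;
}

# Look up the country of one rhost value and print it.
# Always returns 0; dies only when wget cannot be started.
sub findlocation {
    my ($host) = @_;

    # Only address/hostname characters may reach the URL. Anything else in
    # the log field is skipped rather than forwarded.
    unless ( defined $host and $host =~ /\A[0-9A-Za-z._:-]+\z/ ) {
        warn "Skipping GEO lookup: unexpected characters in rhost value\n";
        return 0;
    }

    my $url = "http://www.geoiptool.com/en/?IP=$host";

    # List-form pipe open: wget is executed directly with these arguments,
    # no shell parses the string that contains log data.
    open( my $geo, '-|', 'wget', '-q', '-O', '-', $url )
        or die "Error creating file $!\n";

    while ( my $targetline = <$geo> ) {

        # NOTE(review): the pattern on the source page is broken across a
        # line right after the capture group, so its original ending may
        # have been an HTML tag lost in extraction. It is reproduced as
        # shown: capture up to the end of the line. Confirm against the
        # service's current markup.
        if ( $targetline =~ /^.*Country<\/strong>: (.*)\n/ ) {
            my $country = $1;
            print "IP GEO-LOCATION is: ";
            print color 'bold red';

            # The HTTP response is untrusted as well.
            print _printable($country);
            print color 'reset';
            print "\n";
            print "--------------------------------------------------------------------------------------------------------------------------------------------------------\n";
        }
    }

    # close() on a pipe reports a failing child; surface it in debug mode.
    close($geo) or debug("wget did not exit cleanly for this lookup\n");

    return 0;
}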