removed salt filename, so salt is only stored in memory

Author: Micah Lee

cryptolog

@@ -1,91 +1,69 @@
 #!/usr/bin/env python
 
-fromsysimportstdin, stdout, stderr, argvasarguments
-fromosimporturandom, stat
-fromtimeimportlocaltime, time
+fromsysimportstdin
+fromosimporturandom
+fromtimeimportlocaltime
 fromsyslogimportsyslog, LOG_CRIT
 frombase64importb64encodeasencode
 fromhmacimportHMACashash
 fromargparseimportArgumentParser
 fromsubprocessimportPopen, PIPE
 
+salt_data=None
+salt_day=None
 salt_size=16
-one_day=60*60*24
 
-defsalt(salt_filename):
-try:
-cur_time=localtime()
-cur_day= (cur_time.tm_year, cur_time.tm_yday)
-salt_time=localtime(stat(salt_filename).st_mtime)
-salt_day= (salt_time.tm_year, salt_time.tm_yday)
-ifcur_day!=salt_day:
-returnnew_salt()
-returnfile(salt_filename, "rb").read(16)
-exceptException, e:
-try:
-returnnew_salt(salt_filename)
-exceptException, ee:
-syslog(LOG_CRIT, str(ee))
-returnurandom(salt_size)
-
-defnew_salt(salt_filename):
-try:
-r=urandom(salt_size)
-f=file(salt_filename, "wb")
-f.write(r)
-f.flush()
-f.close()
-returnr
-exceptException, e:
-syslog(LOG_CRIT, str(e))
+defsalt():
+t=localtime()
+now= (t.tm_year, t.tm_yday)
+ifsalt_day!=now:
+salt_data=urandom(16)
+salt_day=now
+returnsalt_data
 
-defhash_ip(ip, salt_filename):
-returnencode(hash(salt(salt_filename), ip).digest())[:6]
+defhash_ip(ip):
+returnencode(hash(salt(), ip).digest())[:6]
 
 if__name__=="__main__":
-parser=ArgumentParser(description='A program to encrypt the IP addresses in web server logs, to be used within an Apache CustomLog line. It assumes that the IP address is the first space-separated field in the log line. Input comes in the form of log lines from stdin.')
-parser.add_argument('-s', 
-dest='salt', 
-default='/tmp/cryptolog_salt', 
-help='filename to store the salt in (default: /tmp/cryptolog_salt)')
-parser.add_argument('-w',
-dest='write', 
-help='filename to write logs to')
-parser.add_argument('-c',
-dest='command', 
-help='pipe logs to this external program')
-args=parser.parse_args()
+parser=ArgumentParser(description='A program to encrypt the IP addresses in web server logs, to be used within an Apache CustomLog line. It assumes that the IP address is the first space-separated field in the log line. Input comes in the form of log lines from stdin.')
+parser.add_argument('-w',
+dest='write', 
+help='filename to write logs to')
+parser.add_argument('-c',
+dest='command', 
+help='pipe logs to this external program')
+args=parser.parse_args()
 
-try:
-log_file=None
-if(args.write!=None):
-log_file=file(args.write, 'ab')
+try:
+log_file=None
+if(args.write!=None):
+log_file=file(args.write, 'ab')
 
-p=None
-if(args.command!=None):
-p=Popen(args.command, stdin=PIPE, shell=True)
+p=None
+if(args.command!=None):
+p=Popen(args.command, stdin=PIPE, shell=True)
 
-log=stdin.readline()
-while(log):
-ip, rest=log.split(" ", 1)
-crypted_log=" ".join((hash_ip(ip, args.salt), rest))
+log=stdin.readline()
+while(log):
+ip, rest=log.split(" ", 1)
+crypted_log=" ".join((hash_ip(ip), rest))
 
-if(log_file!=None):
-log_file.write(crypted_log)
-log_file.flush()
+if(log_file!=None):
+log_file.write(crypted_log)
+log_file.flush()
 
-if(p!=None):
-p.stdin.write(crypted_log)
-p.stdin.flush()
+if(p!=None):
+p.stdin.write(crypted_log)
+p.stdin.flush()
 
-log=stdin.readline()
+log=stdin.readline()
 
-if(log_file!=None):
-log_file.close()
+if(log_file!=None):
+log_file.close()
 
-if(p!=None):
-p.stdin.close()
-p.wait()
-exceptException, e:
-syslog(LOG_CRIT, str(e))
+if(p!=None):
+p.stdin.close()
+p.wait()
+exceptException, e:
+syslog(LOG_CRIT, str(e))