From 72d849a0a9610ebb048932ec0ead0d72aec057b0 Mon Sep 17 00:00:00 2001
From: Jack-Benny Persson
Date: Sun, 29 Dec 2013 10:24:55 +0100
Subject: [PATCH] Almost there...
---
 failed_logins.sh | 59 +++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 48 insertions(+), 11 deletions(-)
diff --git a/failed_logins.sh b/failed_logins.sh
index b84aab5..a652059 100755
--- a/failed_logins.sh
+++ b/failed_logins.sh
@@ -11,15 +11,29 @@ Egrep="/bin/egrep"
 Mail="/usr/bin/mail"
 Printf="/usr/bin/printf"
 Cat="/bin/cat"
+Grep="/bin/grep"
 # Variables
 Admin="jake"
 Authlog="/var/log/auth.log"
+StampTemp="/tmp/failed_login_last_stamp.tmp"
+LineTemp="/tmp/failed_login_last_line.tmp"
+StartLine=1 # Don't change this!
+New=0 #Don't change this!
 # Functions
+check_for_new_failed()
+{
+ $Sed -n "$StartLine,\$p" $Authlog | $Egrep "Failed password" \
+ &> /dev/null
+ if [ $? -eq 0 ]; then
+ New=1
+ fi
+}
+
 show_failed_logins()
 {
- $Sed -n '1,$p' $Authlog | $Egrep "Failed password" | \
+ $Sed -n "$StartLine,\$p" $Authlog | $Egrep "Failed password" | \
 $Sed 's/invalid user//' | \
 $Awk '{ print $1" "$2" "$3" \t"$9"\t\t"$11 }'
 }
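Review bot: `StampTemp` and `LineTemp` are fixed names in world-writable `/tmp`, and the second hunk both redirects into them with `>` and reads them back, so any local account can create those names before the script does. The script has to read `/var/log/auth.log`, so it presumably runs with elevated rights; a pre-placed symlink could then make the redirect overwrite some other file, and a pre-placed regular file could make the script exit or supply the state it trusts on the next run. Keep the state in a directory that only the script's user can write, for instance `StateDir="/var/lib/failed_logins"` (an illustrative path) with `StampTemp="$StateDir/last_stamp"` and `LineTemp="$StateDir/last_line"`. The variables block starts above this hunk.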
@@ -30,27 +44,50 @@ if [ ! -r $Authlog ]; then
 exit 1
 fi
-for Bin in $Sed $Awk $Egrep $Mail $Printfi $Cat; do
+for Bin in $Sed $Awk $Egrep $Mail $Printfi $Cat $Grep; do
 if [ ! -x $Bin ]; then
 echo "Can't execute $Bin"
 exit 1
 fi
 done
+if [ -e $StampTemp ] || [ -e $LineTemp ]; then
+ if [ ! -w $StampTemp ] || [ ! -w $LineTemp ] ; then
+ $Printf "Can't write to temp files, perhaps this script "
+ $Printf "has been run be a different user before?\n"
+ $Printf "Consider changing the temp filenames variable\n"
+ exit 1
+ fi
+fi
+
 # Main
-# Print a nice header
-$Printf "Date & time\t\tUser\t\tFrom host\n"
-$Printf "-----------\t\t----\t\t---------\n"
-show_failed_logins
+# First of all, check if we have read the log file before and whatever if has
+# been rotated
+if [ -e $StampTemp ] && [ -e $LineTemp ]; then
+ $Sed -n "`$Cat $LineTemp`p" $Authlog | $Grep "`$Cat $StampTemp`" \
+ > /dev/null
+ if [ $? -eq 0 ]; then
+ StartLine=`$Cat $LineTemp`
+ fi
+fi
-# Save the last line and the last timestamp for next run (WORK IN PROGRESS)
-show_failed_logins | $Awk '{ print $1" "$2" "$3 }' \
- | $Sed -n '$p' > /tmp/failed_login_last_stamp.tmp
+check_for_new_failed
+if [ $New -eq 1 ]; then
+ # Print a nice header
+ $Printf "Date & time\t\tUser\t\tFrom host\n"
+ $Printf "-----------\t\t----\t\t---------\n"
+ show_failed_logins
-$Cat $Authlog | sed -n '/Dec 28 20:40:41/{
+ # Save the last line and the last timestamp for next run (WORK IN PROGRESS)
+ show_failed_logins | $Awk '{ print $1" "$2" "$3 }' \
+ | $Sed -n '$p' > $StampTemp
+ LastStamp=`$Cat $StampTemp`
+
+$Cat $Authlog | sed -n "/$LastStamp/{
 =
 p
-}' | tail -n2 | sed -n '/^[0-9]/p' > $LineTemp
+}" | tail -n2 | sed -n '/^[0-9]/p' > $LineTemp
+fi
 exit 0
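Review bot: The rotation check pastes the raw contents of `$LineTemp` into the sed program (`"`$Cat $LineTemp`p"`) and the raw contents of `$StampTemp` into a grep pattern, so whatever those files hold is interpreted as sed and regex syntax rather than as data. Both files live under fixed `/tmp` names that another local user can create first, so the saved line should be accepted only when it is all digits, and the timestamp should be matched as a fixed string with both values non-empty. The same holds for `sed -n "/$LastStamp/{` further down, where the value comes from a file just written. Separately, the `for Bin` line still carries `$Printfi`, which expands to nothing, so `$Printf` is never checked for executability.

```shell
if [ -e "$StampTemp" ] && [ -e "$LineTemp" ]; then
	SavedLine=`$Cat "$LineTemp"`
	SavedStamp=`$Cat "$StampTemp"`
	# State files are data, not sed/grep syntax: accept digits only and
	# match the timestamp as a fixed string.
	case "$SavedLine" in
		''|*[!0-9]*) SavedLine="" ;;
	esac
	if [ -n "$SavedLine" ] && [ -n "$SavedStamp" ] && \
		$Sed -n "${SavedLine}p" "$Authlog" | \
		$Grep -F -- "$SavedStamp" > /dev/null; then
		StartLine=$SavedLine
	fi
fi
# … unchanged: check_for_new_failed call and the report/save block …
```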