Almost there...
This commit is contained in:
parent
de63b1fc84
commit
72d849a0a9
@ -11,15 +11,29 @@ Egrep="/bin/egrep"
|
|||||||
Mail="/usr/bin/mail"
|
Mail="/usr/bin/mail"
|
||||||
Printf="/usr/bin/printf"
|
Printf="/usr/bin/printf"
|
||||||
Cat="/bin/cat"
|
Cat="/bin/cat"
|
||||||
|
Grep="/bin/grep"
|
||||||
|
|
||||||
# Variables
|
# Variables
|
||||||
Admin="jake"
|
Admin="jake"
|
||||||
Authlog="/var/log/auth.log"
|
Authlog="/var/log/auth.log"
|
||||||
|
StampTemp="/tmp/failed_login_last_stamp.tmp"
|
||||||
|
LineTemp="/tmp/failed_login_last_line.tmp"
|
||||||
|
StartLine=1 # Don't change this!
|
||||||
|
New=0 #Don't change this!
|
||||||
|
|
||||||
# Functions
|
# Functions
|
||||||
|
check_for_new_failed()
|
||||||
|
{
|
||||||
|
$Sed -n "$StartLine,\$p" $Authlog | $Egrep "Failed password" \
|
||||||
|
&> /dev/null
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
New=1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
show_failed_logins()
|
show_failed_logins()
|
||||||
{
|
{
|
||||||
$Sed -n '1,$p' $Authlog | $Egrep "Failed password" | \
|
$Sed -n "$StartLine,\$p" $Authlog | $Egrep "Failed password" | \
|
||||||
$Sed 's/invalid user//' | \
|
$Sed 's/invalid user//' | \
|
||||||
$Awk '{ print $1" "$2" "$3" \t"$9"\t\t"$11 }'
|
$Awk '{ print $1" "$2" "$3" \t"$9"\t\t"$11 }'
|
||||||
}
|
}
|
||||||
@ -30,27 +44,50 @@ if [ ! -r $Authlog ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for Bin in $Sed $Awk $Egrep $Mail $Printfi $Cat; do
|
for Bin in $Sed $Awk $Egrep $Mail $Printfi $Cat $Grep; do
|
||||||
if [ ! -x $Bin ]; then
|
if [ ! -x $Bin ]; then
|
||||||
echo "Can't execute $Bin"
|
echo "Can't execute $Bin"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [ -e $StampTemp ] || [ -e $LineTemp ]; then
|
||||||
|
if [ ! -w $StampTemp ] || [ ! -w $LineTemp ] ; then
|
||||||
|
$Printf "Can't write to temp files, perhaps this script "
|
||||||
|
$Printf "has been run be a different user before?\n"
|
||||||
|
$Printf "Consider changing the temp filenames variable\n"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# Main
|
# Main
|
||||||
|
|
||||||
# Print a nice header
|
# First of all, check if we have read the log file before and whatever if has
|
||||||
$Printf "Date & time\t\tUser\t\tFrom host\n"
|
# been rotated
|
||||||
$Printf "-----------\t\t----\t\t---------\n"
|
if [ -e $StampTemp ] && [ -e $LineTemp ]; then
|
||||||
show_failed_logins
|
$Sed -n "`$Cat $LineTemp`p" $Authlog | $Grep "`$Cat $StampTemp`" \
|
||||||
|
> /dev/null
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
StartLine=`$Cat $LineTemp`
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# Save the last line and the last timestamp for next run (WORK IN PROGRESS)
|
check_for_new_failed
|
||||||
show_failed_logins | $Awk '{ print $1" "$2" "$3 }' \
|
if [ $New -eq 1 ]; then
|
||||||
| $Sed -n '$p' > /tmp/failed_login_last_stamp.tmp
|
# Print a nice header
|
||||||
|
$Printf "Date & time\t\tUser\t\tFrom host\n"
|
||||||
|
$Printf "-----------\t\t----\t\t---------\n"
|
||||||
|
show_failed_logins
|
||||||
|
|
||||||
$Cat $Authlog | sed -n '/Dec 28 20:40:41/{
|
# Save the last line and the last timestamp for next run (WORK IN PROGRESS)
|
||||||
|
show_failed_logins | $Awk '{ print $1" "$2" "$3 }' \
|
||||||
|
| $Sed -n '$p' > $StampTemp
|
||||||
|
LastStamp=`$Cat $StampTemp`
|
||||||
|
|
||||||
|
$Cat $Authlog | sed -n "/$LastStamp/{
|
||||||
=
|
=
|
||||||
p
|
p
|
||||||
}' | tail -n2 | sed -n '/^[0-9]/p' > /tmp/failed_login_last_line.tmp
|
}" | tail -n2 | sed -n '/^[0-9]/p' > $LineTemp
|
||||||
|
fi
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user