37 lines
1.7 KiB
Markdown
37 lines
1.7 KiB
Markdown
# failedlogins #
|
|
This is a small Bash script I wrote for a programming & scripting class at
|
|
school. The script (failedlogins.sh) checks for failed SSH logins in
|
|
/var/log/auth.log by default.
|
|
The failed logins are then sent by e-mail to the admin user specified in the
|
|
Admin variable.
|
|
The script only mails new failed login attempts since it was last run to avoid
|
|
cluttering the admin's mailbox.
|
|
|
|
## Usage ##
|
|
The script is meant to run from a cronjob, for example once every hour or day
|
|
or whatever suits your needs. An example (15 minutes after every hour) would be:
|
|
```
|
|
15 * * * * /home/admin/failedlogins.sh
|
|
```
|
|
|
|
## Compability ##
|
|
So far I've only tested it on Ubuntu 13.04. The binaries used in the script are
|
|
hardcoded to avoid unsane environments. The path to these binaries
|
|
could change on other Linux dists and other *NIX.
|
|
For this purpose I've created a small configuration script that updates all the
|
|
binaries to match the current system it's being run on. Since the configuration
|
|
script is meant to run directly by a user and not in a cronjob there are no
|
|
hardcoded binaries in this script. Simply run `./configure.sh` in this
|
|
directory in case failedlogins.sh complains about some binaries.
|
|
|
|
failedlogins.sh uses sed, awk (standrad awk), egrep, cat, printf, mail, rm, tail,
|
|
mktemp and regular grep. All of these utilities are pretty standard on a
|
|
Debian/Ubuntu machine, except for mail which is not included in for example
|
|
Ubuntu Desktop. On both Ubuntu and Debian this can be installed with
|
|
`sudo apt-get install mailutils`. (Which will also install Postfix if it's not
|
|
already installed).
|
|
|
|
## Flowchart and notes ##
|
|
These files can be ignored, they are included for the sake of the scripting
|
|
class and for my own reference.
|