diff --git a/Labb8/ovning5.md b/Labb8/ovning5.md
new file mode 100644
index 0000000..6bfbb5f
--- /dev/null
+++ b/Labb8/ovning5.md
@@ -0,0 +1,5 @@
+# Exercise 5 #
+
+This exercise now lives in it's own repository at
+[jackbenny/failedlogins](https://github.com/jackbenny/failedlogins)
+
diff --git a/Labb8/ovning5/README.md b/Labb8/ovning5/README.md
deleted file mode 100644
index b854199..0000000
--- a/Labb8/ovning5/README.md
+++ /dev/null
@@ -1,27 +0,0 @@
-# failed\_logins.sh #
-This is a small Bash script I wrote for a programming & scripting course at
-school. The script checks for failed SSH logins in /var/log/auth.log by default.
-The failed logins are then sent by e-mail to the admin user specified in the
-Admin variable.
-The script only mails new failed login attempts since it was last run to avoid
-cluttering the admin's mailbox.
-
-## Usage ##
-The script is meant to run from a cronjob, for example once every hour or day
-or whatever suits your needs. An example (15 minutes after every hour) would be:
-```
-15 * * * * /home/admin/failed_logins.sh
-```
-
-## Compability ##
-So far I've only tested it on Ubuntu 13.04. The binaries used in the script are
-hardcoded to avoid unsane environments. The path to these hardcoded binaries
-could change on other Linux dists and other *NIX.
-
-The script uses sed, awk (standrad awk), egrep, cat, printf, mail, rm, tail,
-mktemp and regular grep. All of these utilities are pretty standard on a
-Debian/Ubuntu machine, except for mail which is not included in for example
-Ubuntu Desktop. On both Ubuntu and Debian this can be installed with
-`sudo apt-get install mailutils`.
-
-
diff --git a/Labb8/ovning5/configure.sh b/Labb8/ovning5/configure.sh
deleted file mode 100755
index 97c199d..0000000
--- a/Labb8/ovning5/configure.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/bash
-
-# Jack-Benny Persson
-# LX13
-# Configuration script to update the hardcoded binaries
-
-# Variables
-Binaries=(sed awk egrep mail printf cat grep mktemp rm tail)
-File="failed_logins.sh"
-TempFile=`mktemp -t failed_logins.XXXXXX`
-StartBin=8
-EndBin=17
-
-# Check that they are all installed
-for bin in ${Binaries[@]}; do
- whereis $bin | awk '{ print $2 }' | grep $bin &> /dev/null
- if [ $? -ne 0 ]; then
- echo "It seems you system dosen't have $bin installed"
- exit 1
- fi
-done
-
-# Make a temporary copy of the original file
-cp $File $TempFile
-
-# Loop through all the binaries to extract the path and make new
-# variables for the script looking like this: Binary="/bin/binary"
-Index=0
-for i in ${Binaries[@]}; do
- NewBins[$Index]=$(echo "$i=\"`whereis $i | awk '{ print $2 }'`\"" | \
- sed "s/\b\(^.\)/\u\1/g")
- ((Index++))
-done
-
-# Replace the old variables for the new ones
-cat $TempFile | sed "{
-/Sed=/c${NewBins[0]}
-/Awk=/c${NewBins[1]}
-/Egrep=/c${NewBins[2]}
-/Mail=/c${NewBins[3]}
-/Printf=/c${NewBins[4]}
-/Cat=/c${NewBins[5]}
-/Grep=/c${NewBins[6]}
-/Mktemp=/c${NewBins[7]}
-/Rm=/c${NewBins[8]}
-/Tail=/c${NewBins[9]}
-}" > $File
-
-# Clean up
-rm $TempFile
-
-exit 0
diff --git a/Labb8/ovning5/failed_logins.sh b/Labb8/ovning5/failed_logins.sh
deleted file mode 100755
index 6f2a5d8..0000000
--- a/Labb8/ovning5/failed_logins.sh
+++ /dev/null
@@ -1,125 +0,0 @@
-#!/bin/bash
-
-# Jack-Benny Persson
-# LX13
-# Exercise 5 on lab 8 (Write a script to check for failed logins)
-
-# Binaries
-Sed="/bin/sed"
-Awk="/usr/bin/awk"
-Egrep="/bin/egrep"
-Mail="/usr/bin/mail"
-Printf="/usr/bin/printf"
-Cat="/bin/cat"
-Grep="/bin/grep"
-Mktemp="/bin/mktemp"
-Rm="/bin/rm"
-Tail="/usr/bin/tail"
-
-# Variables
-Admin="jake"
-Authlog="/var/log/auth.log"
-StampTemp="/tmp/failed_login_last_stamp.tmp"
-LineTemp="/tmp/failed_login_last_line.tmp"
-StartLine=1 # Don't change this!
-New=0 #Don't change this!
-
-# Functions
-check_for_new_failed()
-{
- $Sed -n "$StartLine,\$p" $Authlog | $Egrep "Failed password" \
- &> /dev/null
- if [ $? -eq 0 ]; then
- New=1
- fi
-}
-
-show_failed_logins()
-{
- $Sed -n "$StartLine,\$p" $Authlog | $Egrep "Failed password" | \
- $Sed 's/invalid user//' | \
- $Awk '{ print $1" "$2" "$3" \t"$9"\t\t"$11 }'
-}
-
-save_last_stamp_and_line()
-{
- show_failed_logins | $Awk '{ print $1" "$2" "$3 }' \
- | $Sed -n '$p' > $StampTemp
- LastStamp=`$Cat $StampTemp`
-
- $Cat $Authlog | $Sed -n "/$LastStamp/{
- =
- p
- }" | $Tail -n2 | $Sed -n '/^[0-9]/p' > $LineTemp
-}
-
-# Sanity checks
-if [ ! -r $Authlog ]; then
- echo "Can't read $Authlog"
- exit 1
-fi
-
-for Bin in $Sed $Awk $Egrep $Mail $Printfi $Cat $Grep $Mktemp $Rm $Tail; do
- if [ ! -x $Bin ]; then
- echo "Can't execute $Bin"
- exit 1
- fi
-done
-
-if [ -e $StampTemp ] || [ -e $LineTemp ]; then
- if [ ! -w $StampTemp ] || [ ! -w $LineTemp ] ; then
- $Printf "Can't write to temp files, perhaps this script "
- $Printf "has been run be a different user before?\n"
- $Printf "Consider changing the temp filenames variable\n"
- exit 1
- fi
-fi
-
-if [ ! -w /tmp ]; then
- echo "Can't write to /tmp"
- exit 1
-fi
-
-### Main ###
-
-# First of all, check if we have read the log file before and whatever if has
-# been rotated
-if [ -e $StampTemp ] && [ -e $LineTemp ]; then
- $Sed -n "`$Cat $LineTemp`p" $Authlog | $Grep "`$Cat $StampTemp`" \
- > /dev/null
- if [ $? -eq 0 ]; then # If the logfile hasn't been
- StartLine=`$Cat $LineTemp` # been rotated, set StartLine
- ((StartLine++)) # from the last run and +1
- fi
-fi
-
-# Check for new failed login attempts since last run (based on StartLine)
-check_for_new_failed
-
-# Redirect all output below to a temporary file for mailing
-MailTemp=`$Mktemp -t failed_logins_mail.XXXXXX`
-exec 1> $MailTemp
-
-if [ $New -eq 1 ]; then # = if there are new failed logins
- # Print a nice header
- $Printf "Date & time\t\tUser\t\tFrom host\n"
- $Printf "-----------\t\t----\t\t---------\n"
-
- # Print out the latest failed login attempts
- show_failed_logins
-
- # Save the last line and the last timestamp for the next run
- save_last_stamp_and_line
-fi
-
-# Mail the failed logins if there are any (ie if the MailTemp file is NOT empty)
-if [ -s $MailTemp ]; then
- $Mail $Admin -s "Failed logins" < $MailTemp
-fi
-
-# Clean up
-if [ -e $MailTemp ]; then
- $Rm $MailTemp
-fi
-
-exit 0
diff --git a/Labb8/ovning5/failed_logins_flowchart.png b/Labb8/ovning5/failed_logins_flowchart.png
deleted file mode 100644
index a77746c..0000000
Binary files a/Labb8/ovning5/failed_logins_flowchart.png and /dev/null differ
diff --git a/Labb8/ovning5/logfile_rotated_notes.pdf b/Labb8/ovning5/logfile_rotated_notes.pdf
deleted file mode 100644
index 94ebacd..0000000
Binary files a/Labb8/ovning5/logfile_rotated_notes.pdf and /dev/null differ