28 lines
1.1 KiB
Markdown
28 lines
1.1 KiB
Markdown
# failed\_logins.sh #
|
|
This is a small Bash script I wrote for a programming & scripting course at
|
|
school. The script checks for failed SSH logins in /var/log/auth.log by default.
|
|
The failed logins are then sent by e-mail to the admin user specified in the
|
|
Admin variable.
|
|
The script only mails new failed login attempts since it was last run to avoid
|
|
cluttering the admin's mailbox.
|
|
|
|
## Usage ##
|
|
The script is meant to run from a cronjob, for example once every hour or day
|
|
or whatever suits your needs. An example (15 minutes after every hour) would be:
|
|
```
|
|
15 * * * * /home/admin/failed_logins.sh
|
|
```
|
|
|
|
## Compability ##
|
|
So far I've only tested it on Ubuntu 13.04. The binaries used in the script are
|
|
hardcoded to avoid unsane environments. The path to these hardcoded binaries
|
|
could change on other Linux dists and other *NIX.
|
|
|
|
The script uses sed, awk (standrad awk), egrep, cat, printf, mail, rm, tail,
|
|
mktemp and regular grep. All of these utilities are pretty standard on a
|
|
Debian/Ubuntu machine, except for mail which is not included in for example
|
|
Ubuntu Desktop. On both Ubuntu and Debian this can be installed with
|
|
`sudo apt-get install mailutils`.
|
|
|
|
|