
Script for check success/failed LDAP/Radius logins

pmacko 3 주 전
부모
커밋
bcfe6f23c7
1개의 변경된 파일42개의 추가작업 그리고 0개의 파일을 삭제
  1. 42 0
      logins.sh

+ 42 - 0
logins.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+#########################################################################
+#                        Script for check LOGINS                        #
+#                           Created by PM-DoIT                          #
+#				                          ver 0.1					                      #
+#########################################################################
+
+#----------------------------- DEFINITIONS -----------------------------#
+SRV=$(hostname -s)
+IGN="root|www-data|pi|service_account"
+
+#------------------------------ VARIABLES ------------------------------#
+test -f /var/log/secure && LOG="/var/log/secure"
+test -f /var/log/auth.log && LOG="/var/log/auth.log"
+test -f /var/log/radius/radius.log && LOGR=/var/log/radius/radius.log
+
+#------------------------------ EXTRACT --------------------------------#
+aaa(){
+echo -e "- \e[1;36mCollect\e[0m [\e[1;33mLDAP/LOCAL\e[0m] \e[1;36mlogins\e[0m"
+cat $LOG | grep -i "Failed" | egrep -v "$IGN" | awk '{print $1,$2,$3,$4,$(NF-5),$(NF-3),"LDAP"}' | awk '!seen[$0]++' > /tmp/logins.failed
+cat $LOG | grep -i "session opened" | egrep -v "$IGN" | awk '{print $1,$2,$3,$4,$(NF-2)}' | awk '!seen[$0]++' | sed 's/(/ /g' | awk 'NF{NF-=1};1' | sed 's/$/ xxx.xxx.xxx.xxx LDAP/' > /tmp/logins.success
+}
+
+rad(){
+echo -e "- \e[1;36mCollect\e[0m [\e[1;33mRADIUS\e[0m] \e[1;36mlogins\e[0m"
+cat $LOGR | grep "Login incorrect" | egrep -v "$IGN" | awk '{print $2,$3,$4,"htsipa01.hts.local",$(NF-7),$NF,"RAD"}' | awk '!seen[$0]++' | sed 's/)//g' >> /tmp/logins.failed
+cat $LOGR | grep "Invalid user" | egrep -v "$IGN" | awk '{print $2,$3,$4,"htsipa01.hts.local",$(NF-7),$NF,"RAD"}' | awk '!seen[$0]++' | sed 's/)//g' >> /tmp/logins.failed
+cat $LOGR | grep "Login OK" | egrep -v "$IGN" | awk '{print $2,$3,$4,"htsipa01.hts.local",$(NF-5),$(NF-2),"RAD"}' | awk '!seen[$0]++' | sed 's/)//g' >> /tmp/logins.success
+}
+
+sum(){
+CSUC=$(cat /tmp/logins.success | wc -l)
+CFAI=$(cat /tmp/logins.failed | wc -l)
+}
+
+#------------------------------- CORE ----------------------------------#
+clear
+aaa
+test -f /var/log/radius/radius.log && rad
+sum
+echo -e "- \e[1;32mSuccess\e[0m [\e[1;33m$CSUC\e[0m] Logins: [\e[1;32m/tmp/logins.success\e[0m]"
+echo -e "- \e[1;31mFailed\e[0m [\e[1;33m$CFAI\e[0m] Logins: [\e[1;31m/tmp/logins.failed\e[0m]"
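Review bot: Both report files are written to fixed names in /tmp (`/tmp/logins.failed` and `/tmp/logins.success`, used in `aaa`, `rad` and `sum`), and because the script reads /var/log/secure or auth.log it presumably runs as root, so a local user can pre-create or symlink those paths, and the collected user names and source addresses land in a file whose permissions depend on the caller's umask. I would create a private directory near the top, `umask 077; OUT=$(mktemp -d) || exit 1`, redirect to `"$OUT/logins.failed"` and `"$OUT/logins.success"`, and print those paths in the two summary lines. Separately, `egrep -v "$IGN"` matches anywhere on the log line, so any entry that merely contains `pi` or `root` as a substring (a host name, another account name) silently drops out of the failed-login report; comparing the extracted user field exactly in the awk stage would close that detection gap. `$LOG` also stays unset when neither log file exists, which leaves `cat $LOG` reading stdin, so a guard such as `[ -n "$LOG" ] || exit 1` before calling `aaa` avoids the hang.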