#!/bin/bash
#########################################################################
# Script to check LOGINS                                                #
# Created by PM-DoIT                                                    #
# ver 0.1                                                               #
#########################################################################
#----------------------------- DEFINITIONS -----------------------------#
SRV=$(hostname -s)                      # short host name (currently unused)
IGN="root|www-data|pi|service_account"  # accounts to skip (extended regex)
umask 077                               # reports hold user names and source IPs
#------------------------------ VARIABLES ------------------------------#
# Use whichever auth log this system writes; the RADIUS log is optional.
test -f /var/log/secure && LOG="/var/log/secure"
test -f /var/log/auth.log && LOG="/var/log/auth.log"
test -f /var/log/radius/radius.log && LOGR=/var/log/radius/radius.log
# Without an auth log there is nothing to collect.
test -n "$LOG" || { echo "No auth log found" >&2; exit 1; }
#------------------------------ EXTRACT --------------------------------#
# LDAP/local logins from the system auth log, de-duplicated.
aaa(){
    echo -e "- \e[1;36mCollect\e[0m [\e[1;33mLDAP/LOCAL\e[0m] \e[1;36mlogins\e[0m"
    # Failed logins: date, time, host, then user and source IP by field position
    grep -i "Failed" "$LOG" | grep -Ev "$IGN" \
        | awk '{print $1,$2,$3,$4,$(NF-5),$(NF-3),"LDAP"}' \
        | awk '!seen[$0]++' > /tmp/logins.failed
    # Opened sessions: split the user field at "(" and drop the trailing piece;
    # these lines carry no source IP, so a placeholder is written instead
    grep -i "session opened" "$LOG" | grep -Ev "$IGN" \
        | awk '{print $1,$2,$3,$4,$(NF-2)}' \
        | awk '!seen[$0]++' | sed 's/(/ /g' | awk 'NF{NF-=1};1' \
        | sed 's/$/ xxx.xxx.xxx.xxx LDAP/' > /tmp/logins.success
}
# RADIUS logins, appended to the same two reports.
rad(){
    echo -e "- \e[1;36mCollect\e[0m [\e[1;33mRADIUS\e[0m] \e[1;36mlogins\e[0m"
    grep "Login incorrect" "$LOGR" | grep -Ev "$IGN" \
        | awk '{print $2,$3,$4,"htsipa01.hts.local",$(NF-7),$NF,"RAD"}' \
        | awk '!seen[$0]++' | sed 's/)//g' >> /tmp/logins.failed
    grep "Invalid user" "$LOGR" | grep -Ev "$IGN" \
        | awk '{print $2,$3,$4,"htsipa01.hts.local",$(NF-7),$NF,"RAD"}' \
        | awk '!seen[$0]++' | sed 's/)//g' >> /tmp/logins.failed
    grep "Login OK" "$LOGR" | grep -Ev "$IGN" \
        | awk '{print $2,$3,$4,"htsipa01.hts.local",$(NF-5),$(NF-2),"RAD"}' \
        | awk '!seen[$0]++' | sed 's/)//g' >> /tmp/logins.success
}
# Count the entries in each report.
sum(){
    CSUC=$(wc -l < /tmp/logins.success)
    CFAI=$(wc -l < /tmp/logins.failed)
}
#------------------------------- CORE ----------------------------------#
clear
aaa
test -f /var/log/radius/radius.log && rad
sum
echo -e "- \e[1;32mSuccess\e[0m [\e[1;33m$CSUC\e[0m] Logins: [\e[1;32m/tmp/logins.success\e[0m]"
echo -e "- \e[1;31mFailed\e[0m [\e[1;33m$CFAI\e[0m] Logins: [\e[1;31m/tmp/logins.failed\e[0m]"