Etusivu Tutki Apua
Kirjaudu sisään
pmacko
/
UNI
1
0
Haarauta 0
Tiedostot
Haara: master
Haarat Tunnisteet
UNI
/
logins.sh

logins.sh 2.2 KB
Pysyvä linkki Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142 
  1. #!/bin/bash
    2. 

  2. #########################################################################
    3. 

  3. #                        Script for check LOGINS                        #
    4. 

  4. #                           Created by PM-DoIT                          #
    5. 

  5. #				                          ver 0.1					                      #
    6. 

  6. #########################################################################
    7. 

  7. 

  8. #----------------------------- DEFINITIONS -----------------------------#
    9. 

  9. SRV=$(hostname -s)
    10. 

  10. IGN="root|www-data|pi|service_account"
    11. 

  11. 

  12. #------------------------------ VARIABLES ------------------------------#
    13. 

  13. test -f /var/log/secure && LOG="/var/log/secure"
    14. 

  14. test -f /var/log/auth.log && LOG="/var/log/auth.log"
    15. 

  15. test -f /var/log/radius/radius.log && LOGR=/var/log/radius/radius.log
    16. 

  16. 

  17. #------------------------------ EXTRACT --------------------------------#
    18. 

  18. aaa(){
    19. 

  19. echo -e "- \e[1;36mCollect\e[0m [\e[1;33mLDAP/LOCAL\e[0m] \e[1;36mlogins\e[0m"
    20. 

  20. cat $LOG | grep -i "Failed" | egrep -v "$IGN" | awk '{print $1,$2,$3,$4,$(NF-5),$(NF-3),"LDAP"}' | awk '!seen[$0]++' > /tmp/logins.failed
    21. 

  21. cat $LOG | grep -i "session opened" | egrep -v "$IGN" | awk '{print $1,$2,$3,$4,$(NF-2)}' | awk '!seen[$0]++' | sed 's/(/ /g' | awk 'NF{NF-=1};1' | sed 's/$/ xxx.xxx.xxx.xxx LDAP/' > /tmp/logins.success
    22. 

  22. }
    23. 

  23. 

  24. rad(){
    25. 

  25. echo -e "- \e[1;36mCollect\e[0m [\e[1;33mRADIUS\e[0m] \e[1;36mlogins\e[0m"
    26. 

  26. cat $LOGR | grep "Login incorrect" | egrep -v "$IGN" | awk '{print $2,$3,$4,"htsipa01.hts.local",$(NF-7),$NF,"RAD"}' | awk '!seen[$0]++' | sed 's/)//g' >> /tmp/logins.failed
    27. 

  27. cat $LOGR | grep "Invalid user" | egrep -v "$IGN" | awk '{print $2,$3,$4,"htsipa01.hts.local",$(NF-7),$NF,"RAD"}' | awk '!seen[$0]++' | sed 's/)//g' >> /tmp/logins.failed
    28. 

  28. cat $LOGR | grep "Login OK" | egrep -v "$IGN" | awk '{print $2,$3,$4,"htsipa01.hts.local",$(NF-5),$(NF-2),"RAD"}' | awk '!seen[$0]++' | sed 's/)//g' >> /tmp/logins.success
    29. 

  29. }
    30. 

  30. 

  31. sum(){
    32. 

  32. CSUC=$(cat /tmp/logins.success | wc -l)
    33. 

  33. CFAI=$(cat /tmp/logins.failed | wc -l)
    34. 

  34. }
    35. 

  35. 

  36. #------------------------------- CORE ----------------------------------#
    37. 

  37. clear
    38. 

  38. aaa
    39. 

  39. test -f /var/log/radius/radius.log && rad
    40. 

  40. sum
    41. 

  41. echo -e "- \e[1;32mSuccess\e[0m [\e[1;33m$CSUC\e[0m] Logins: [\e[1;32m/tmp/logins.success\e[0m]"
    42. 

  42. echo -e "- \e[1;31mFailed\e[0m [\e[1;33m$CFAI\e[0m] Logins: [\e[1;31m/tmp/logins.failed\e[0m]"
    43.