diff --git a/dynmotd b/dynmotd
index d3da0a5..e4f080a 100755
--- a/dynmotd
+++ b/dynmotd
@@ -42,7 +42,7 @@ process_info() {
 fi
 done
- printf "%b" "${MSG}"
+ printf '%b' "${MSG}"
 }
 ## Return the listening socket
@@ -63,9 +63,26 @@ service_info() {
 fi
 done
- printf "%b" "${MSG}"
+ printf '%b' "${MSG}"
 }
+## Return the number of occurrence a pattern is present in a file
+# and a color (red:>0, green:=0)
+occur_num() {
+ local GREP_PAT="${1}"
+ local FILE="${2}"
+
+ NUM=$(grep "${GREP_PAT}" "${FILE}" | wc -l)
+ if [ "${NUM}" = "0" ]; then
+ MSG="${GREEN}${NUM}"
+ else
+ MSG="${REDB}${NUM}"
+ fi
+
+ printf '%b' "${MSG}"
+}
+
+
 #+++++++++++++++++++: System Data :+++++++++++++++++++
 HOSTNAME=$(hostname)
 NET_ADDR=$(hostname -I)
@@ -91,9 +108,6 @@ PROC_LIMIT=$(ulimit) # Simpliest way to get it?
 AUTH_LOG_FILE=$(find /var/log -iname 'auth.log' -type f -printf '%TY-%Tm-%Td_%TT %p\n' | sort -r | tail -n1 | cut -d' ' -f2)
 SSH_USER_LOGIN=$(grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${USERNAME}/" | wc -l)
-SSH_FAIL_LOGIN=$(grep sshd "${AUTH_LOG_FILE}" | awk '/Failed/' | wc -l)
-SUDO_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/authentication failure/' | wc -l)
-SUDO_3_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/3 incorrect password/' | wc -l)
 MOTD_ORIG='/etc/motd.orig'
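Review bot: occur_num in the second hunk prints a green `0` when grep cannot read `${FILE}` (a missing file, an empty `AUTH_LOG_FILE`, or no read permission on the log), because grep's exit status is discarded by the pipe into `wc -l`; for a failed-login counter that is a fail-open result. A guard placed before the count, such as `[ -r "${FILE}" ] || { printf '%b' "${REDB}n/a"; return 1; }`, would make the unreadable case visible instead of reassuring. `NUM` and `MSG` are also assigned without `local`, and `MSG` is the same name process_info and service_info print, so `local NUM MSG` is worth adding. The count itself can be taken without the pipe as `NUM=$(grep -c -- "${GREP_PAT}" "${FILE}")`.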
@@ -129,9 +143,13 @@ printf '%b' "\n${MAGENTA}++++++++++++: ${WHITE}Authentication Information${MAGEN
 #echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")"
 ##echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}".1 | awk '/login/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")"
 #done
+
 # Count the number of failed ssh authentication
-printf '%b' "\n${MAGENTA}+ ${WHITE}SSH fail\t${MAGENTA}= ${GREEN}${SSH_FAIL_LOGIN} fail(s) this week"
+SSH_FAIL_LOGIN=$(occur_num 'sshd.*Failed' "${AUTH_LOG_FILE}")
+printf '%b' "\n${MAGENTA}+ ${WHITE}SSH fail\t${MAGENTA}= ${SSH_FAIL_LOGIN} fail(s) this week"
 # Count the number of failed sudo authentication
+SUDO_FAIL=$(occur_num 'sudo.*authentication failure' "${AUTH_LOG_FILE}")
+SUDO_3_FAIL=$(occur_num 'sudo.*3 incorrect password' "${AUTH_LOG_FILE}")
 printf '%b' "\n${MAGENTA}+ ${WHITE}Sudo fail\t${MAGENTA}= ${GREEN}${SUDO_FAIL} fail(s) this week ${MAGENTA}+ ${WHITE}Sudo 3 fails\t${MAGENTA}= ${GREEN}${SUDO_3_FAIL} fail(s) this week"
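Review bot: The patterns passed to occur_num (`'sshd.*Failed'`, `'sudo.*authentication failure'`, `'sudo.*3 incorrect password'`) match anywhere in a log line, including free-text fields that come from the connecting client, so the counters can be inflated and an sshd line can be counted as a sudo failure. Anchoring each pattern on the syslog program tag reduces this, for example `'sshd\[[0-9]*\]: Failed'` and `' sudo: .*authentication failure'`, assuming auth.log uses the usual `program[pid]: message` layout. Separately, the final printf still puts `${GREEN}` in front of `${SUDO_FAIL}` and `${SUDO_3_FAIL}` although occur_num now supplies the colour. The SSH line dropped it, so the two should be made consistent.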