jegardai
/
scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Dynmotd: Remove the awk command to get number of occurrence .. useless 

with a regex for grep.
* A function return the number of occurrence with a color (green:=0;
* red:!=0).
This commit is contained in:
Jeremy Gardais 2015-01-28 17:25:37 +01:00
parent 2469487031
commit 023c284f01
1 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
dynmotd
View File

@ -42,7 +42,7 @@ process_info() {
fi fi
done done
printf "%b" "${MSG}" printf '%b' "${MSG}"
} }
## Return the listening socket ## Return the listening socket
@ -63,9 +63,26 @@ service_info() {
fi fi
done done
printf "%b" "${MSG}" printf '%b' "${MSG}"
} }
## Return the number of occurrence a pattern is present in a file
# and a color (red:>0, green:=0)
occur_num() {
local GREP_PAT="${1}"
local FILE="${2}"
NUM=$(grep "${GREP_PAT}" "${FILE}" | wc -l)
if [ "${NUM}" = "0" ]; then
MSG="${GREEN}${NUM}"
else
MSG="${REDB}${NUM}"
fi
printf '%b' "${MSG}"
}
#+++++++++++++++++++: System Data :+++++++++++++++++++ #+++++++++++++++++++: System Data :+++++++++++++++++++
HOSTNAME=$(hostname) HOSTNAME=$(hostname)
NET_ADDR=$(hostname -I) NET_ADDR=$(hostname -I)
@ -91,9 +108,6 @@ PROC_LIMIT=$(ulimit)
# Simpliest way to get it? # Simpliest way to get it?
AUTH_LOG_FILE=$(find /var/log -iname 'auth.log' -type f -printf '%TY-%Tm-%Td_%TT %p\n' | sort -r | tail -n1 | cut -d' ' -f2) AUTH_LOG_FILE=$(find /var/log -iname 'auth.log' -type f -printf '%TY-%Tm-%Td_%TT %p\n' | sort -r | tail -n1 | cut -d' ' -f2)
SSH_USER_LOGIN=$(grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${USERNAME}/" | wc -l) SSH_USER_LOGIN=$(grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${USERNAME}/" | wc -l)
SSH_FAIL_LOGIN=$(grep sshd "${AUTH_LOG_FILE}" | awk '/Failed/' | wc -l)
SUDO_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/authentication failure/' | wc -l)
SUDO_3_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/3 incorrect password/' | wc -l)
MOTD_ORIG='/etc/motd.orig' MOTD_ORIG='/etc/motd.orig'
@ -129,9 +143,13 @@ printf '%b' "\n${MAGENTA}++++++++++++: ${WHITE}Authentication Information${MAGEN
#echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")" #echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")"
##echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}".1 | awk '/login/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")" ##echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}".1 | awk '/login/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")"
#done #done
# Count the number of failed ssh authentication # Count the number of failed ssh authentication
printf '%b' "\n${MAGENTA}+ ${WHITE}SSH fail\t${MAGENTA}= ${GREEN}${SSH_FAIL_LOGIN} fail(s) this week" SSH_FAIL_LOGIN=$(occur_num 'sshd.*Failed' "${AUTH_LOG_FILE}")
printf '%b' "\n${MAGENTA}+ ${WHITE}SSH fail\t${MAGENTA}= ${SSH_FAIL_LOGIN} fail(s) this week"
# Count the number of failed sudo authentication # Count the number of failed sudo authentication
SUDO_FAIL=$(occur_num 'sudo.*authentication failure' "${AUTH_LOG_FILE}")
SUDO_3_FAIL=$(occur_num 'sudo.*3 incorrect password' "${AUTH_LOG_FILE}")
printf '%b' "\n${MAGENTA}+ ${WHITE}Sudo fail\t${MAGENTA}= ${GREEN}${SUDO_FAIL} fail(s) this week printf '%b' "\n${MAGENTA}+ ${WHITE}Sudo fail\t${MAGENTA}= ${GREEN}${SUDO_FAIL} fail(s) this week
${MAGENTA}+ ${WHITE}Sudo 3 fails\t${MAGENTA}= ${GREEN}${SUDO_3_FAIL} fail(s) this week" ${MAGENTA}+ ${WHITE}Sudo 3 fails\t${MAGENTA}= ${GREEN}${SUDO_3_FAIL} fail(s) this week"