From 24694870314be78a14bc66f84aa89bc63bff736c Mon Sep 17 00:00:00 2001
From: Gardouille
Date: Wed, 28 Jan 2015 16:31:33 +0100
Subject: [PATCH] Dynmotd: add a find command to get the last auth.log file and print the number of sudo and ssh auth failed.
---
 dynmotd | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/dynmotd b/dynmotd
index 4edba84..d3da0a5 100755
--- a/dynmotd
+++ b/dynmotd
@@ -87,11 +87,13 @@ PROC_COUNT=$(expr $PROC_COUNT - 5)
 PROC_LIMIT=$(ulimit)
 #++++++++++++: Authentication Information :+++++++++++++
-#AUTH_LOG_FILE=$(find /var/log -iname "auth.log")
-#SSH_USER_LOGIN=$(grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${USERNAME}/" | wc -l)
-#SSH_FAIL_LOGIN=$(grep sshd "${AUTH_LOG_FILE}" | awk '/Failed/' | wc -l)
-#SUDO_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/authentication failure/' | wc -l)
-#SUDO_3_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/3 incorrect password/' | wc -l)
+# Get only one "auth.log" file path, the most recent
+# Simpliest way to get it?
+AUTH_LOG_FILE=$(find /var/log -iname 'auth.log' -type f -printf '%TY-%Tm-%Td_%TT %p\n' | sort -r | tail -n1 | cut -d' ' -f2)
+SSH_USER_LOGIN=$(grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${USERNAME}/" | wc -l)
+SSH_FAIL_LOGIN=$(grep sshd "${AUTH_LOG_FILE}" | awk '/Failed/' | wc -l)
+SUDO_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/authentication failure/' | wc -l)
+SUDO_3_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/3 incorrect password/' | wc -l)
 MOTD_ORIG='/etc/motd.orig'
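Review bot: The added `AUTH_LOG_FILE=` pipeline picks the oldest matching file, not the most recent one its comment promises, because `sort -r` lists the newest timestamp first and `tail -n1` then takes the last line. Ending the pipeline with `sort -r | head -n1 | cut -d' ' -f2-` would match the comment and also keep a path that contains a space. When find matches nothing, or the log is not readable by the user running the script, all four counters silently come out as 0, which a reader of the MOTD takes as "no failed logins"; testing `[ -r "${AUTH_LOG_FILE}" ]` before the greps and printing `n/a` instead of a count would avoid that false reassurance. `awk "/${USERNAME}/"` splices a variable set outside this hunk into the awk program as a regex, so regex metacharacters in the name change the match; `awk -v u="${USERNAME}" 'index($0, u)'` treats it as a literal string.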
@@ -122,18 +124,17 @@ ${MAGENTA}+ ${WHITE}Processes\t${MAGENTA}= ${GREEN}$PROC_COUNT of ${PROC_LIMIT}
 printf '%b' "\n${MAGENTA}++++++++++++: ${WHITE}Authentication Information${MAGENTA} :+++++++++++++${RESET}"
-
-#echo -e "${MAGENTA}++++++++++++: ${WHITE}Authentication Information${MAGENTA} :+++++++++++++${RESET} "
 ## Count the number of session for all standard's user (with a home/)
 #for SSH_USER in `ls -1 /home/`; do
 #echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")"
 ##echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}".1 | awk '/login/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")"
 #done
-## Count the number of failed ssh authentication
-#echo -e "${MAGENTA}+ ${WHITE}SSH fail ${MAGENTA}= ${GREEN}${SSH_FAIL_LOGIN} fail(s) this week"
-## Count the number of failed sudo authentication
-#echo -e "${MAGENTA}+ ${WHITE}Sudo fail ${MAGENTA}= ${GREEN}${SUDO_FAIL} fail(s) this week
-#${MAGENTA}+ ${WHITE}Sudo 3 fails ${MAGENTA}= ${GREEN}${SUDO_3_FAIL} fail(s) this week"
+# Count the number of failed ssh authentication
+printf '%b' "\n${MAGENTA}+ ${WHITE}SSH fail\t${MAGENTA}= ${GREEN}${SSH_FAIL_LOGIN} fail(s) this week"
+# Count the number of failed sudo authentication
+printf '%b' "\n${MAGENTA}+ ${WHITE}Sudo fail\t${MAGENTA}= ${GREEN}${SUDO_FAIL} fail(s) this week
+${MAGENTA}+ ${WHITE}Sudo 3 fails\t${MAGENTA}= ${GREEN}${SUDO_3_FAIL} fail(s) this week"
+
 printf '%b' "\n${MAGENTA}++++++++++++++++++++: ${WHITE}Disk Usage${MAGENTA} :+++++++++++++++++++++${RESET}"
 # Root partition