Dynmotd: add a find command to get the last auth.log file and print the

number of sudo and ssh auth failed.
This commit is contained in:
Jeremy Gardais 2015-01-28 16:31:33 +01:00
parent f001d412de
commit 2469487031
1 changed files with 13 additions and 12 deletions

25
dynmotd
View File

@ -87,11 +87,13 @@ PROC_COUNT=$(expr $PROC_COUNT - 5)
PROC_LIMIT=$(ulimit) PROC_LIMIT=$(ulimit)
#++++++++++++: Authentication Information :+++++++++++++ #++++++++++++: Authentication Information :+++++++++++++
#AUTH_LOG_FILE=$(find /var/log -iname "auth.log") # Get only one "auth.log" file path, the most recent
#SSH_USER_LOGIN=$(grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${USERNAME}/" | wc -l) # Simpliest way to get it?
#SSH_FAIL_LOGIN=$(grep sshd "${AUTH_LOG_FILE}" | awk '/Failed/' | wc -l) AUTH_LOG_FILE=$(find /var/log -iname 'auth.log' -type f -printf '%TY-%Tm-%Td_%TT %p\n' | sort -r | tail -n1 | cut -d' ' -f2)
#SUDO_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/authentication failure/' | wc -l) SSH_USER_LOGIN=$(grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${USERNAME}/" | wc -l)
#SUDO_3_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/3 incorrect password/' | wc -l) SSH_FAIL_LOGIN=$(grep sshd "${AUTH_LOG_FILE}" | awk '/Failed/' | wc -l)
SUDO_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/authentication failure/' | wc -l)
SUDO_3_FAIL=$(grep sudo "${AUTH_LOG_FILE}" | awk '/3 incorrect password/' | wc -l)
MOTD_ORIG='/etc/motd.orig' MOTD_ORIG='/etc/motd.orig'
@ -122,18 +124,17 @@ ${MAGENTA}+ ${WHITE}Processes\t${MAGENTA}= ${GREEN}$PROC_COUNT of ${PROC_LIMIT}
printf '%b' "\n${MAGENTA}++++++++++++: ${WHITE}Authentication Information${MAGENTA} :+++++++++++++${RESET}" printf '%b' "\n${MAGENTA}++++++++++++: ${WHITE}Authentication Information${MAGENTA} :+++++++++++++${RESET}"
#echo -e "${MAGENTA}++++++++++++: ${WHITE}Authentication Information${MAGENTA} :+++++++++++++${RESET} "
## Count the number of session for all standard's user (with a home/) ## Count the number of session for all standard's user (with a home/)
#for SSH_USER in `ls -1 /home/`; do #for SSH_USER in `ls -1 /home/`; do
#echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")" #echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}" | awk '/sshd/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")"
##echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}".1 | awk '/login/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")" ##echo -e "${MAGENTA}+ ${WHITE}SSH login ${MAGENTA}= ${GREEN}`grep 'session opened' "${AUTH_LOG_FILE}".1 | awk '/login/' | awk "/${SSH_USER}/" | wc -l` times this week ("${SSH_USER}")"
#done #done
## Count the number of failed ssh authentication # Count the number of failed ssh authentication
#echo -e "${MAGENTA}+ ${WHITE}SSH fail ${MAGENTA}= ${GREEN}${SSH_FAIL_LOGIN} fail(s) this week" printf '%b' "\n${MAGENTA}+ ${WHITE}SSH fail\t${MAGENTA}= ${GREEN}${SSH_FAIL_LOGIN} fail(s) this week"
## Count the number of failed sudo authentication # Count the number of failed sudo authentication
#echo -e "${MAGENTA}+ ${WHITE}Sudo fail ${MAGENTA}= ${GREEN}${SUDO_FAIL} fail(s) this week printf '%b' "\n${MAGENTA}+ ${WHITE}Sudo fail\t${MAGENTA}= ${GREEN}${SUDO_FAIL} fail(s) this week
#${MAGENTA}+ ${WHITE}Sudo 3 fails ${MAGENTA}= ${GREEN}${SUDO_3_FAIL} fail(s) this week" ${MAGENTA}+ ${WHITE}Sudo 3 fails\t${MAGENTA}= ${GREEN}${SUDO_3_FAIL} fail(s) this week"
printf '%b' "\n${MAGENTA}++++++++++++++++++++: ${WHITE}Disk Usage${MAGENTA} :+++++++++++++++++++++${RESET}" printf '%b' "\n${MAGENTA}++++++++++++++++++++: ${WHITE}Disk Usage${MAGENTA} :+++++++++++++++++++++${RESET}"
# Root partition # Root partition