很多年前写的，用于每天分析 messages，看有多少人试图登录 SSH，多少人密码错误，多少人成功登录，并将结果发送到邮箱。
#!/bin/sh
###############################
### File_define ###
###############################
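# Report file that is mailed out at the end of the run (truncated by get_Accepted).
SECU_LOG=/lk/secu_log
# Scratch files. They are created with mktemp(1) instead of the fixed names
# /tmp/failed_tmp, /tmp/accepted_tmp and /tmp/date_tmp: with fixed names any
# local user could pre-create or symlink them before this script (which
# presumably runs with enough privilege to read /var/log/secure) redirects into
# them with ">". The functions below only ever write to these paths, so the
# random suffix changes nothing else; del_tmp removes them at the end.
FAILED_TMP=$(mktemp /tmp/failed_tmp.XXXXXX) || exit 1
ACCEPTED_TMP=$(mktemp /tmp/accepted_tmp.XXXXXX) || exit 1
TMP=$(mktemp /tmp/date_tmp.XXXXXX) || exit 1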
###############################
#### check_date ####
###############################
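#######################################
# Collect today's entries of the log file given as $1 into $TMP, with the
# "Mon DD HH:MM:SS host proc[pid]:" prefix cut off so that the later stages
# see only the message text (e.g. "Accepted password for ...").
# Globals:   TMP (truncated, then appended to)
# Arguments: $1 - log file to scan (the caller passes /var/log/secure)
# Outputs:   today's "<Mon><day>" marker on stdout
# Returns:   status of the final echo (always 0)
#######################################
check_date() {
  local day month first_field
  # %e is the space-padded day of month (" 5" or "12"), which is how the
  # syslog timestamp is written, so "$month $day" matches the log verbatim.
  # This replaces the old case statement that hand-padded 01..09 to " 1".." 9".
  day=$(date +%e)
  month=$(date +%b)
  # cut -d " " treats every blank as a separator, so the padding blank before
  # a single-digit day shifts the message text one field to the right.
  first_field=6
  case $day in
    " "*) first_field=7 ;;
  esac
  : > "$TMP"
  grep -w -e "$month $day" -- "$1" | cut -d " " -f "$first_field"- >> "$TMP"
  echo "$month$day"
}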
###############################
## get Accepted ##
###############################
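#######################################
# Write the "Accepted" section of the report: every successful login found in
# $TMP, reduced to its first six words ("Accepted <method> for <user> from
# <addr>"), counted and listed most frequent first.
# Globals:   TMP (read), ACCEPTED_TMP (overwritten), SECU_LOG (overwritten)
# Outputs:   report section to $SECU_LOG
# Returns:   status of the last pipeline
#######################################
get_Accepted() {
  # printf instead of "echo -e": the script is run as /bin/sh, where echo -e
  # is not guaranteed to interpret "\n". Output is byte-identical.
  printf 'Accepted top 10 \n\n' > "$SECU_LOG"
  grep -w -e "Accepted" -- "$TMP" | cut -d " " -f 1-6 > "$ACCEPTED_TMP"
  # sort before uniq -c: uniq only merges *adjacent* duplicates, so without
  # the sort a user who logged in several times over the day got several
  # partial counts instead of one total (get_Failed already sorts first).
  # grep -v '^$' drops empty lines, as the old '^[^$]' pattern did.
  grep -v -e '^$' -- "$ACCEPTED_TMP" | sort | uniq -c | sort -nr >> "$SECU_LOG"
}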
###############################
## get Failed ##
###############################
#root
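#######################################
# Append the two failure sections of the report to $SECU_LOG:
#   1. "Failed password for root" lines, cut to words 1-6
#      ("Failed password for root from <addr>"), counted per line.
#   2. lines containing the word "invalid", cut to words 1-2 and 8
#      (presumably "Failed password <addr>" -- verify against the log format).
# Globals:   TMP (read), FAILED_TMP (overwritten, reused for both sections),
#            SECU_LOG (appended to)
# Outputs:   two report sections to $SECU_LOG
# Returns:   status of the last pipeline
#######################################
get_Failed() {
  # printf instead of "echo -e" (not portable under /bin/sh); same bytes.
  printf '\nFailed top 10 \n\n' >> "$SECU_LOG"
  grep -w -e "Failed password for root" -- "$TMP" | cut -d " " -f 1-6 > "$FAILED_TMP"
  grep -v -e '^$' -- "$FAILED_TMP" | sort | uniq -c | sort -nr >> "$SECU_LOG"
  # Illegal / invalid user names
  printf '\ninvalid top 10 \n\n' >> "$SECU_LOG"
  grep -w -e "invalid" -- "$TMP" | cut -d " " -f 1-2,8 > "$FAILED_TMP"
  # sort first, as in the root section above: uniq -c only merges adjacent
  # duplicates, so unsorted input split one source's count into several rows.
  grep -v -e '^$' -- "$FAILED_TMP" | sort | uniq -c | sort -nr >> "$SECU_LOG"
}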
###############################
### del_tmp ###
###############################
#######################################
# Remove the three scratch files once the report has been assembled.
# Globals:   ACCEPTED_TMP, FAILED_TMP, TMP (read; the files are deleted)
# Returns:   status of the last rm
#######################################
del_tmp() {
  local scratch
  for scratch in "$ACCEPTED_TMP" "$FAILED_TMP" "$TMP"; do
    rm -f -- "$scratch"
  done
}
###############################
### Main ###
###############################
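# Build today's report from /var/log/secure, append disk usage and the
# contents of /lk/backlist, then mail the whole file.
# check_date also prints the "<Mon><day>" marker on stdout; under cron that
# line ends up in the job's own output, not in the report.
check_date /var/log/secure
rm -f -- "$SECU_LOG"
get_Accepted
get_Failed
del_tmp
DATE=$(date +%D)
# printf instead of "echo -e" (not portable under /bin/sh); same two newlines.
printf '\n\n' >> "$SECU_LOG"
echo "##########Disk Info -m########" >> "$SECU_LOG"
df -m >> "$SECU_LOG"
echo "##########Backlist#########" >> "$SECU_LOG"
cat -- /lk/backlist >> "$SECU_LOG"
# NOTE(review): mail(1) is given a subject but no recipient address here, and
# most implementations refuse to send without one; the address was probably
# dropped from the listing. Once confirmed, pass it as the last argument,
# e.g. mail -s "..." "$MAIL_TO" < "$SECU_LOG" (MAIL_TO is a placeholder name).
mail -s "MailServer Secure Top 10 --- $DATE" < "$SECU_LOG"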