May 2017
Beginner
552 pages
28h 47m
English
Content preview from Linux Shell Scripting Cookbook - Third Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
How to do it...
The intrusion detection script resembles this:
#!/bin/bash
#Filename: intruder_detect.sh
#Description: Intruder reporting tool with auth.log input
AUTHLOG=/var/log/auth.log
if [[ -n $1 ]];
then
AUTHLOG=$1
echo Using Log file : $AUTHLOG
fi
# Collect the failed login attempts
LOG=/tmp/failed.$$.log
grep "Failed pass" $AUTHLOG > $LOG
# extract the users who failed
users=$(cat $LOG | awk '{ print $(NF-5) }' | sort | uniq)
# extract the IP Addresses of failed attempts
ip_list="$(egrep -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" $LOG | sort | uniq)"
printf "%-10s|%-3s|%-16s|%-33s|%s\n" "User" "Attempts" "IP address" \
"Host" "Time range"
# Loop through IPs and Users who failed.
for ip in $ip_list;
do
for user in $users;
do
# Count ...