#!/bin/sh
echo -e “\e[31;1m特权用户(uid 为0): \e[0m”
awk -F: ‘$3==0{print $1}’ /etc/passwd
echo -e “\n”
echo -e “\e[31;1m可以远程登录的帐号信息: \e[0m”
awk ‘/$1|$6/{print $1}’ /etc/shadow
echo -e “\n”
echo -e “\e[31;1m密码错误日志: \e[0m”
grep -o “Failed password” /var/log/secure|uniq -c
echo -e “\n”
echo -e “\e[31;1m登录成功的日期、用户名、IP: \e[0m”
grep "Accepted " /var/log/secure | awk ‘{print $1,$2,$3,$9,$11}’
echo -e “\n”
echo -e “\e[31;1m登录成功的IP: \e[0m”
grep "Accepted " /var/log/secure | awk ‘{print $11}’ | sort | uniq -c | sort -nr
echo -e “\n”
echo -e “\e[31;1m爆破时间范围: (开始/结束): \e[0m”
grep “Failed password” /var/log/secure|head -1
grep “Failed password” /var/log/secure|tail -1
echo -e “\n”
echo -e “\e[31;1m爆破 IP 列表: \e[0m”
grep “Failed password” /var/log/secure|grep -E -o “(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)”|uniq -c | sort -nr
echo -e “\n”
echo -e “\e[31;1m爆破用户名字典: \e[0m”
grep “Failed password” /var/log/secure|perl -e ‘while($_=<>){ /for(.*?) from/; print “$1\n”;}’|uniq -c|sort -nr
echo -e “\n”