#!/bin/bash
#main application:入侵报告生成工具,以auth.log作为日志文件为例
AUTHLOG=/var/log/auth.log
if [[ -n $1 ]];then
AUTHLOG=$1
echo -e "\033[1;31mUsing Log File:$AUTHLOG\033[0m"
fi
LOG=/tmp/valid.$$.log
#grep -i "Failed Password" $AUTHLOG |grep -v "invalid" >$LOG
#grep -v "invalid" $AUTHLOG >$LOG
#users=$(grep -i "Failed Password" $LOG |awk '{print $(NF-5)}' |sort -u)
grep -i "Failed Password" $AUTHLOG >$LOG
users=$(grep -i "Failed Password" $LOG |awk -F "for|from" '{print $2}'|awk '{print $NF}'|sort -u)
printf "%-5s|%-10s|%-10s|%-13s|%-33s|%s\n" "Sr#" "User" "Attempts" "Ip Address" "Host_Mapping" "Time Range"
account=0
ip_list=$(egrep -o "([0-9]+\.){3}[0-9]+" $LOG |sort -u)
for ip in $ip_list
do
grep $ip $LOG > /tmp/temp.$$.log
for
Shell脚本之入侵检测报告
最新推荐文章于 2024-06-20 21:46:30 发布