在Linux上检查用户登录成功与失败的shell脚本
Linux管理员的典型任务之一是检查Linux系统中成功和失败的登录尝试。
手动验证它们非常困难,因为“ /var/log/secure”文件的输出看起来很尴尬。
为了使此操作更轻松,更有效,我们需要编写一个bash脚本。
是的,您可以使用以下Bash脚本实现此目的。
这些脚本将显示给定日期登录系统的用户数。此外,它显示成功的登录尝试和失败的登录尝试。
第一个外壳脚本允许您验证“ /var/log/secure”文件中可用日期的用户访问信息。
第二个shell脚本允许您每天发送包含用户访问信息的邮件。
方法1:在Linux上检查用户登录成功与失败的Shell脚本
该脚本使您可以从终端验证给定日期的用户访问信息。
# vi /opt/scripts/user-access-details.sh
#!/bin/bash
echo ""
echo -e "Enter the Date, Use Double Space for date from 1 to 9 (Nov 3) and use Single Space for date from 10 to 31 (Nov 30): c"
read yday
MYPATH=/var/log/secure*
tuser=$(grep "$yday" $MYPATH | grep "Accepted|Failed" | wc -l)
suser=$(grep "$yday" $MYPATH | grep "Accepted password|Accepted publickey|keyboard-interactive" | wc -l)
fuser=$(grep "$yday" $MYPATH | grep "Failed password" | wc -l)
scount=$(grep "$yday" $MYPATH | grep "Accepted" | awk '{print $9;}' | sort | uniq -c)
fcount=$(grep "$yday" $MYPATH | grep "Failed" | awk '{print $9;}' | sort | uniq -c)
echo "--------------------------------------------"
echo " User Access Report on: $yday"
echo "--------------------------------------------"
echo "Number of Users logged on System: $tuser"
echo "Successful logins attempt: $suser"
echo "Failed logins attempt: $fuser"
echo "--------------------------------------------"
echo -e "Success User Details:n $scount"
echo "--------------------------------------------"
echo -e "Failed User Details:n $fcount"
echo "--------------------------------------------"
将可执行的Linux文件权限设置为“ user-access-details-1.sh”文件。
#chmod +x /opt/scripts/user-access-details-1.sh
运行脚本时,您将收到类似以下的警报。
# sh /opt/scripts/user-access-details.sh
Enter the Date, Use Double Space for date from 1 to 9 (Nov 3) and use Single Space for date from 10 to 31 (Nov 30): Nov 6
------------------------------------------
User Access Report on: Nov 6
------------------------------------------
Number of Users logged on System: 1
Successful logins attempt: 1
Failed logins attempt: 0
------------------------------------------
Success User Details:
1 root
------------------------------------------
Failed User Details:
------------------------------------------
运行脚本时,您将收到类似以下的警报。
# sh /opt/scripts/user-access-details.sh
Enter the Date, Use Double Space for date from 1 to 9 (Nov 3) and use Single Space for date from 10 to 31 (Nov 30): Nov 30
------------------------------------------
User Access Report on: Nov 30
------------------------------------------
Number of Users logged on System: 20
Successful logins attempt: 14
Failed logins attempt: 6
------------------------------------------
Success User Details:
1 daygeek
1 root
3 u1
4 u2
1 u3
2 u4
2 u5
------------------------------------------
Failed User Details:
3 u1
3 u4
------------------------------------------
方法2:使用shell脚本通过电子邮件警报检查成功和失败的用户登录尝试。
该shell脚本允许您每天通过电子邮件发送包含用户访问详细信息的邮件,以获取昨天的日期。
# vi /opt/scripts/user-access-details-2.sh
#!/bin/bash
/tmp/u-access.txt
SUBJECT="User Access Reports on "date""
MESSAGE="/tmp/u-access.txt"
TO="daygeek@gmail.com"
MYPATH=/var/log/secure*
yday=$(date --date='yesterday' | awk '{print $2,$3}')
tuser=$(grep "$yday" $MYPATH | grep "Accepted|Failed" | wc -l)
suser=$(grep "$yday" $MYPATH | grep "Accepted password|Accepted publickey|keyboard-interactive" | wc -l)
fuser=$(grep "$yday" $MYPATH | grep "Failed password" | wc -l)
scount=$(grep "$yday" $MYPATH | grep "Accepted" | awk '{print $9;}' | sort | uniq -c)
fcount=$(grep "$yday" $MYPATH | grep "Failed" | awk '{print $9;}' | sort | uniq -c)
echo "--------------------------------------------" >> $MESSAGE
echo " User Access Report on: $yday" >> $MESSAGE
echo "--------------------------------------------" >> $MESSAGE
echo "Number of Users logged on System: $tuser" >> $MESSAGE
echo "Successful logins attempt: $suser" >> $MESSAGE
echo "Failed logins attempt: $fuser" >> $MESSAGE
echo "--------------------------------------------" >> $MESSAGE
echo -e "Success User Details:n $scount" >> $MESSAGE
echo "--------------------------------------------" >> $MESSAGE
echo -e "Failed User Details:n $fcount" >> $MESSAGE
echo "--------------------------------------------" >> $MESSAGE
mail -s "$SUBJECT" "$TO" < $MESSAGE
将可执行权限设置为“ user-access-details-2.sh”文件。
#chmod +x /opt/scripts/user-access-details-2.sh
最后添加一个cronjob以使其自动化。它将每天8点运行。
# crontab -e
0 8 * * * /bin/bash /opt/scripts/user-access-details-2.sh
注意:每天8点您将收到一封电子邮件警报,用于提醒前一天的用户访问信息。
©著作权归作者所有,如需转载,请注明出处,否则将追究法律责任