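The two Bash scripts below check successful and failed login attempts on a Linux system. Verifying this by hand is tedious because the raw contents of "/var/log/secure" are hard to read, so a Bash script makes the job much easier. This article includes two shell scripts that show how many users logged in to the system on a given date, together with the successful and failed login attempts. The first script lets you check user access information for any date available in "/var/log/secure". The second sends you a daily e-mail containing the user access information.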
Shell script 1: check successful and failed user logins on Linux

This script lets you check, from the terminal, the user access information for a given date:

```bash
# vi /opt/scripts/user-access-details.sh

#!/bin/bash
# Report successful and failed logins for a date entered by the user.
echo ""
echo -e "Enter the Date, Use Double Space for date from 1 to 9 (Nov  3) and use Single Space for date from 10 to 31 (Nov 30): \c"
read -r yday
MYPATH=/var/log/secure*
# -E is required for the | alternation in the patterns below.
tuser=$(grep "$yday" $MYPATH | grep -E "Accepted|Failed" | wc -l)
suser=$(grep "$yday" $MYPATH | grep -E "Accepted password|Accepted publickey|keyboard-interactive" | wc -l)
fuser=$(grep "$yday" $MYPATH | grep "Failed password" | wc -l)
# Field 9 is the user name; for "invalid user" failures it is the word "invalid".
scount=$(grep "$yday" $MYPATH | grep "Accepted" | awk '{print $9;}' | sort | uniq -c)
fcount=$(grep "$yday" $MYPATH | grep "Failed" | awk '{print $9;}' | sort | uniq -c)
echo "--------------------------------------------"
echo " User Access Report on: $yday"
echo "--------------------------------------------"
echo "Number of Users logged on System: $tuser"
echo "Successful logins attempt: $suser"
echo "Failed logins attempt: $fuser"
echo "--------------------------------------------"
echo -e "Success User Details:\n $scount"
echo "--------------------------------------------"
echo -e "Failed User Details:\n $fcount"
echo "--------------------------------------------"
```

Set execute permission on the "user-access-details.sh" file:

```bash
# chmod +x /opt/scripts/user-access-details.sh
```

When you run the script, you will get a report similar to the following:

```bash
# sh /opt/scripts/user-access-details.sh
```
Bash script 2: check successful and failed user login attempts and send a scheduled e-mail alert

This Bash script mails you the user access details for yesterday's date. Remember to change the address to your own e-mail:

```bash
# vi /opt/scripts/user-access-details-2.sh

#!/bin/bash
# Mail a report of yesterday's successful and failed logins.
# Note: a fixed file name in /tmp is predictable; mktemp is safer when run as root.
: > /tmp/u-access.txt    # start with an empty report file
SUBJECT="User Access Reports on $(date)"
MESSAGE="/tmp/u-access.txt"
TO="249562751@qq.com"
MYPATH=/var/log/secure*
# %e pads days 1-9 with a space, matching the syslog date format ("Nov  3").
yday=$(LC_ALL=C date --date='yesterday' '+%b %e')
# -E is required for the | alternation in the patterns below.
tuser=$(grep "$yday" $MYPATH | grep -E "Accepted|Failed" | wc -l)
suser=$(grep "$yday" $MYPATH | grep -E "Accepted password|Accepted publickey|keyboard-interactive" | wc -l)
fuser=$(grep "$yday" $MYPATH | grep "Failed password" | wc -l)
scount=$(grep "$yday" $MYPATH | grep "Accepted" | awk '{print $9;}' | sort | uniq -c)
fcount=$(grep "$yday" $MYPATH | grep "Failed" | awk '{print $9;}' | sort | uniq -c)
echo "--------------------------------------------" >> $MESSAGE
echo " User Access Report on: $yday" >> $MESSAGE
echo "--------------------------------------------" >> $MESSAGE
echo "Number of Users logged on System: $tuser" >> $MESSAGE
echo "Successful logins attempt: $suser" >> $MESSAGE
echo "Failed logins attempt: $fuser" >> $MESSAGE
echo "--------------------------------------------" >> $MESSAGE
echo -e "Success User Details:\n $scount" >> $MESSAGE
echo "--------------------------------------------" >> $MESSAGE
echo -e "Failed User Details:\n $fcount" >> $MESSAGE
echo "--------------------------------------------" >> $MESSAGE
mail -s "$SUBJECT" "$TO" < $MESSAGE
```

Set execute permission on the "user-access-details-2.sh" file:

```bash
# chmod +x /opt/scripts/user-access-details-2.sh
```

Finally, add a cron job to automate it. It runs every day at 8 a.m.:

```bash
# crontab -e

0 8 * * * /bin/bash /opt/scripts/user-access-details-2.sh
```

Reference: Securely managing cron scheduled tasks with Crontab UI on Linux.

Note: you will receive the e-mail alert every day at 8 o'clock, covering the previous day's user access information.
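Both scripts take the user name from field 9, which for "Failed password for invalid user NAME" lines is the literal word "invalid", and their grep matches the date anywhere in the line. The following added example (not part of the original article; the function names and sample log lines are constructed) anchors the date at the start of the line and reports the real user name in both cases:

```shell
#!/bin/bash
# Added example: per-user sshd login summary for one syslog date.
# summarize_auth, sample_log and the log lines are constructed for illustration.

# Usage: summarize_auth "Nov  3" /var/log/secure*   (reads stdin if no file)
# Prints sorted "<result> <user> <count>" lines.
summarize_auth() {
    local day="$1"
    shift
    awk -v day="$day" '
        # Keep only lines that start with the date and were logged by sshd.
        index($0, day " ") == 1 && $5 ~ /^sshd(\[[0-9]+\])?:$/ {
            if ($6 == "Accepted") {
                result = "accepted"; user = $9
            } else if ($6 == "Failed" && $7 == "password") {
                # "Failed password for invalid user NAME from ..." moves the
                # name from field 9 to field 11.
                if ($9 == "invalid" && $10 == "user") {
                    result = "failed-invalid"; user = $11
                } else {
                    result = "failed"; user = $9
                }
            } else {
                next
            }
            count[result " " user]++
        }
        END { for (k in count) print k, count[k] }
    ' "$@" | LC_ALL=C sort
}

# Constructed sample in /var/log/secure format (documentation IP ranges).
sample_log() {
    cat <<'EOF'
Nov  3 08:01:12 web01 sshd[2211]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
Nov  3 08:05:40 web01 sshd[2230]: Failed password for root from 203.0.113.7 port 41022 ssh2
Nov  3 08:05:44 web01 sshd[2230]: Failed password for root from 203.0.113.7 port 41022 ssh2
Nov  3 08:06:02 web01 sshd[2241]: Failed password for invalid user admin from 203.0.113.7 port 41090 ssh2
Nov  3 09:15:27 web01 sshd[2302]: Accepted publickey for bob from 192.0.2.22 port 50500 ssh2
Nov 30 10:00:00 web01 sshd[9001]: Accepted password for carol from 192.0.2.30 port 50001 ssh2
EOF
}

sample_log | summarize_auth "Nov  3"
```

Repeated failures for one account from a single address, or many "failed-invalid" names, are the entries worth reviewing first in the daily report.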