Report SSH logins script

A quick script set as a cronjob for mailing everyday the successful and failed SSH login attempts:

############################################################################
# Copyright (C) 2008  Panagiotis Kritikakos <panoskrt@gmail.com>           #
#                                                                          #
#    This program is free software: you can redistribute it and/or modify  #
#    it under the terms of the GNU General Public License as published by  #
#    the Free Software Foundation, either version 3 of the License, or     #
#    (at your option) any later version.                                   #
#                                                                          #
#    This program is distributed in the hope that it will be useful,       #
#    but WITHOUT ANY WARRANTY; without even the implied warranty of        #
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         #
#    GNU General Public License for more details.                          #
#                                                                          #
#    You should have received a copy of the GNU General Public License     #
#    along with this program.  If not, see <http://www.gnu.org/licenses/>. #
############################################################################

#!/bin/bash
month=`date +%b`
day=`date +%d`
if [ $day -lt 10 ]; then
  monthday=`printf "$month  ${day:1}"`
else
  monthday=`printf "$month $day"`
fi
hostname=`hostname`

echo "=====================" > logs
echo "= Successful logins =" >> logs
echo "=====================" >> logs
cat /var/lcfg/log/auth | grep -e "$monthday" | grep -e "authentication succeeds" \
-e "session opened" >> logs
echo "--------------------------------" >> logs
echo "================================" >> logs

printf "\n\n" >> auth_log

echo "==================" >> logs
echo "= Login failures =" >> logs
echo "==================" >> logs
cat /var/lcfg/log/auth | grep -e "$monthday" | grep -e "authentication failure" \
-e "Failed password" >> logs
echo "--------------------------------" >> logs
echo "================================" >> logs

/usr/bin/Mail -s "Logs for $hostname" foo@bar.com < logs
rm -f logs

2 thoughts on “Report SSH logins script

  1. panoskrt

    This script is actually going through the auth logs and doesn’t relate to any URL. Can you be a bit more specific on what you need to achieve for Apache/Tomcat etc?

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s