A quick script set as a cronjob for mailing everyday the successful and failed SSH login attempts:
############################################################################ # Copyright (C) 2008 Panagiotis Kritikakos <panoskrt@gmail.com> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # # (at your option) any later version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see <http://www.gnu.org/licenses/>. # ############################################################################ #!/bin/bash month=`date +%b` day=`date +%d` if [ $day -lt 10 ]; then monthday=`printf "$month ${day:1}"` else monthday=`printf "$month $day"` fi hostname=`hostname` echo "=====================" > logs echo "= Successful logins =" >> logs echo "=====================" >> logs cat /var/lcfg/log/auth | grep -e "$monthday" | grep -e "authentication succeeds" \ -e "session opened" >> logs echo "--------------------------------" >> logs echo "================================" >> logs printf "\n\n" >> auth_log echo "==================" >> logs echo "= Login failures =" >> logs echo "==================" >> logs cat /var/lcfg/log/auth | grep -e "$monthday" | grep -e "authentication failure" \ -e "Failed password" >> logs echo "--------------------------------" >> logs echo "================================" >> logs /usr/bin/Mail -s "Logs for $hostname" foo@bar.com < logs rm -f logs
thank, btw, how to config for apache tomcat java for who is acces in that url
This script is actually going through the auth logs and doesn’t relate to any URL. Can you be a bit more specific on what you need to achieve for Apache/Tomcat etc?