SSH/telnet login failures (no mail is sent if there were none)
##############################
LoginFail
#############################
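#!/bin/bash
# Mail a daily summary of yesterday's failed telnet/SSH logins, grouped by source host.
DIR="/LoginFail"
YESTERDAY=$(date +%F --date '1 days ago')
# The same day in syslog timestamp form (e.g. "Nov  4"), used to filter /var/log/secure
SYSLOG_DAY=$(LANG=C date +'%b %e' --date '1 days ago')
LOG_FILE="$DIR/LF_$YESTERDAY.log"
ADMIN_EMAIL="이메일주소"   # replace with the administrator's e-mail address
# Size threshold in bytes: a report with only the header lines does not exceed it,
# so mail goes out only when failures were logged
CNT="200"
if [ ! -d "$DIR" ]; then
    mkdir -p "$DIR"
fi
echo "Login Failed List $YESTERDAY" > "$LOG_FILE"
echo "-----------------------------------------------------------" >> "$LOG_FILE"
echo "Login Failed List : TELNET" >> "$LOG_FILE"
# Keep the text between "FROM" and "FOR" (the source host), then count per host
grep 'FAILED' /var/log/secure | grep "^$SYSLOG_DAY" | awk -F'FROM' '{ print $2 }' | awk -F'FOR' '{ print $1 }' | sort | uniq -c | sort -rn >> "$LOG_FILE"
echo "-----------------------------------------------------------" >> "$LOG_FILE"
echo "Login Failed List : SSH" >> "$LOG_FILE"
# Keep the text between "from" and "port" (the source address), then count per address
grep 'Failed' /var/log/secure | grep "^$SYSLOG_DAY" | awk -F'from' '{ print $2 }' | awk -F'port' '{ print $1 }' | sort | uniq -c | sort -rn >> "$LOG_FILE"
if [ -e "$LOG_FILE" ]; then
    # Report size in bytes
    tmp=$(wc -c < "$LOG_FILE")
    if [ "$tmp" -gt "$CNT" ]; then
        mail -s "Login Failed list : $YESTERDAY" "$ADMIN_EMAIL" < "$LOG_FILE"
    fi
fi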
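
The `from`/`port` split in the script above cuts at the first occurrence of the text `from`, so a failed attempt with a user name such as `fromage` puts part of the name into the report instead of the source address. The following is an added example, not part of the original post: it reads the address by position from the end of the line, assuming the usual OpenSSH `Failed password for <user> from <addr> port <n> ssh2` line format. The function names and all log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example. Every log line below is a constructed sample.
sample_log() {
cat <<'EOF'
Nov  4 03:12:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40112 ssh2
Nov  4 03:12:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Nov  4 03:13:44 host sshd[1003]: Failed password for invalid user fromage from 198.51.100.7 port 51514 ssh2
Nov  4 03:14:02 host sshd[1004]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Nov  5 00:00:09 host sshd[1005]: Failed password for root from 203.0.113.5 port 40200 ssh2
EOF
}

# The split used in the script above, kept here for comparison.
# Usage: naive_ssh_sources DAY   (log on stdin, DAY in syslog form, e.g. "Nov  4")
naive_ssh_sources() {
    grep 'Failed' | grep "^$1" \
        | awk -F'from' '{ print $2 }' | awk -F'port' '{ print $1 }' \
        | sort | uniq -c | sort -rn
}

# Position-based extraction: prints "<count> <address>", highest count first.
# Usage: failed_ssh_sources DAY   (log on stdin)
failed_ssh_sources() {
    awk -v day="$1" '
        substr($0, 1, length(day)) == day && /sshd\[[0-9]+\]: Failed password for / {
            # The line ends with: from <addr> port <n> <proto>, so the
            # address is the 4th field from the end whatever the
            # user name (chosen by the remote side) contains.
            if ($(NF-4) == "from" && $(NF-2) == "port") count[$(NF-3)]++
        }
        END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

echo "naive split:"
sample_log | naive_ssh_sources "Nov  4"
echo "position-based:"
sample_log | failed_ssh_sources "Nov  4"
```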