Security Log Parse (aka Attack Tripwire)

Just add the following command as a shell Geeklet:

echo "Who is online:" ; who ; echo ''; echo 'Active Screen Sessions:'; screen -wls | awk -F 'in' '{print $1}'; echo ''; echo 'Failed Authentication:' ; grep 'Failed to authenticate user' /var/log/secure.log| awk -F ':' '{print $1":"$2""$4}' | awk -F '(' '{print $1}' | sort | uniq -c; grep 'authentication error' /var/log/secure.log| awk -F ':' '{print $1":"$2$6}' | sed 's/authentication error for //g' | sort | uniq -c

Or, if you're getting a lot of output, you can trim it to only alerts from the current month:

echo "Who is online:" ; who ; echo ''; echo 'Active Screen Sessions:'; screen -wls | awk -F 'in' '{print $1}'; echo ''; echo 'Failed Authentication:'; i=$(date +"%b"); grep 'Failed to authenticate user' /var/log/secure.log| awk -F ':' '{print $1":"$2""$4}' | awk -F '(' '{print $1}' | sort | uniq -c | grep $i; grep 'authentication error' /var/log/secure.log| awk -F ':' '{print $1":"$2$6}' | sed 's/authentication error for //g' | sort | uniq -c | grep $i

This little script is useful in cafes, offices and similar shared networks to see whether someone is trying to log in to your computer and what address the attempts come from. It also lists the active sessions on your machine.

*Note: The awk field formatting may need to be adjusted if you're not using Lion.
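
An added example (not part of the original Geeklet): it matches the two failure messages by pattern instead of by colon-delimited field position, and compares the month against the first field of the line, because `grep $i` on the summarised output also matches the month abbreviation anywhere else in the line. The function name failed_auth_summary, the sample_log lines and the assumed syslog layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original Geeklet. Assumes syslog-style lines:
#   "Mon DD HH:MM:SS host process[pid]: message"

# Constructed sample lines (addresses are documentation-range placeholders).
# The Feb entry has a user literally named "Mar" to exercise the month filter.
sample_log() {
cat <<'EOF'
Mar  3 09:14:02 mac sshd[411]: error: PAM: authentication error for illegal user admin from 192.0.2.10
Mar  3 09:14:40 mac sshd[415]: error: PAM: authentication error for illegal user admin from 192.0.2.10
Mar  3 09:20:11 mac com.apple.SecurityServer[23]: Failed to authenticate user <bob> (tDirStatus: -14090).
Feb 27 22:01:55 mac sshd[388]: error: PAM: authentication error for illegal user Mar from 192.0.2.77
EOF
}

# failed_auth_summary [logfile|-] [month]   (hypothetical helper name)
# Prints "count Mon DD HH:MM who/where", highest count first.
failed_auth_summary() {
    log=${1:--}                          # "-" means read standard input
    month=${2:-$(LC_ALL=C date +%b)}     # C locale so the name matches syslog
    awk -v mon="$month" '
        $1 != mon { next }               # month must be the first field
        /Failed to authenticate user/ || /authentication error for/ {
            minute = substr($3, 1, 5)    # HH:MM, so bursts in one minute group
            msg = $0
            if (sub(/.*authentication error for /, "", msg) == 0)
                sub(/.*Failed to authenticate user /, "", msg)
            sub(/ *\(.*/, "", msg)       # drop trailing "(tDirStatus: ...)"
            count[$1 " " $2 " " minute " " msg]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' "$log" | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample; in the Geeklet, pass /var/log/secure.log.
sample_log | failed_auth_summary - Mar
```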


Comments

mahclark 2355 days ago
:)
