cat secure.sh
#!/bin/bash


echo "分析一个月 ssh 成功登录情况:"
echo
cat ~/secure_dir/* |grep Accepted |awk '{print "\t" "IP:"$11  "\t" "用户:"$9  "\t" $1,$2,$3  "\t"  "登陆成功"}'

echo

echo "分析一个月 ssh 暴力破解来源IP TOP10:"
echo
cat ~/secure_dir/* | grep 'Failed password' | awk '{print $(NF-3)}' |sort |uniq -c |sort -nr|head -n 10 |awk '{print "\t" "异常IP:",$2 "\t" "暴力破解:",$1,"次"}'
echo
echo "分析一个月 ssh 暴力破解用户名 TOP10:"
echo
cat ~/secure_dir/* |grep 'Failed password'  |awk '{print $(NF-5)}' |sort|uniq -c |sort -nr |head -n 10 |awk '{print "\t" "用户:",$2 "\t" "暴力破解",$1,"次"}'

分析系统登陆日志shell脚本

results matching ""

No results matching ""