簡介
通過 shell 腳本快速彙總用戶登錄相關信息。
腳本
<code>#!/bin/bash
echo "========================當前登錄著用戶數=============================="
echo $(users | wc -l)
echo "========================登錄記錄=================================="
who | awk '{if($5 == ""|| $5=="(:1)"){print "登錄用戶:"$1" ,本地登錄 "$5}else{print "登用戶:"$1" ,登錄IP或者域名:"$5 }}' | tr -d '(' | tr -d ')'
echo "========================暴力破解檢測=================================="
# lastb | grep -v '^$' | sed '$d' | awk '{print "用戶:"$1" 登錄IP:"$3}'
declare -A recordCount
while read line; do
count=${recordCount[$line]}
let count=count+1
recordCount[$line]=$count
done <<
for key in $(echo ${!recordCount[*]}); do
count=${recordCount[$key]}
# echo $count
if [ $count -ge 3 ]; then
echo $key | awk -v count=$count -F "|" '{print $2" 嘗試使用用戶 "$1" 進行暴力破解,嘗試次數 "count}'
fi
done
echo "========================最近 10 天有登錄的用戶=================================="
lastlog -t 10 | sed '1d' | grep -v '\\*\\*$' | awk '{printf "登錄用戶:"$1" 最後登錄時間:"}{for(i=3;i<=NF;i++)printf $i" "}{printf "\\n"}'
/<code>
分享到:
閱讀更多 linux運維菜 的文章
