Este script lê os arquivos de log e procura por linhas que indiquem uma tentativa de invasão.

• Download gaiatos
• Enviar nova versão

Esconder código-fonte

#!/bin/sh
clear
echo
echo "Aguarde..."
echo
logs=`ls /var/log/messages*`
echo "Arquivos Selecionados:
`du -ah /var/log/messages*`" && echo
for i in `echo $logs`;do
echo "Verificando o arquivo $i"
cat $i | grep -i "Failed password for root from" > tent_root.log 
cat $i | grep -i "Illegal user" > tent_user.log
done
echo
echo "##########################################################"
echo "############## Tentativas de acesso do root ##############"
echo "##########################################################"
echo
for i in `cat tent_root.log | tr -s ' ' ','`;do
        mes=`echo $i | cut -d , -f 1`
        dia=`echo $i | cut -d , -f 2`
        hora=`echo $i | cut -d , -f 3`
        host=`echo $i | cut -d , -f 11`
        echo "$dia/$mes,$hora,$host" | tr ',' '\t'
done
echo
echo "##########################################################"
echo "######## Tentativas de acesso com outros usuarios ########"
echo "##########################################################"
for i in `cat tent_user.log | tr -s ' ' ','`;do
        mes=`echo $i | cut -d , -f 1`
        dia=`echo $i | cut -d , -f 2`
        hora=`echo $i | cut -d , -f 3`
        user=`echo $i | cut -d , -f 8`
        host=`echo $i | cut -d , -f 10`
        echo "$dia/$mes,$hora,$user,$host" | tr ',' '\t'
done
rm -rf tent_root.log
rm -rf tent_user.log

Pendetect

abelhudo

Mantendo hora do servidor atualizada com NTP

Telefones

ListPkg [Procura de pacote no Slackware]