From 1878f8dd10bb152e6621d3f28a5664a4661077b5 Mon Sep 17 00:00:00 2001
From: Ian C <ianc@noddybox.co.uk>
Date: Wed, 2 May 2018 09:38:53 +0000
Subject: Added local admin scripts

---
 local/checkauth.sh    | 1 +
 local/listaccounts.sh | 1 +
 local/listauth.sh     | 1 +
 local/sslcheck.sh     | 4 ++++
 4 files changed, 7 insertions(+)
 create mode 100755 local/checkauth.sh
 create mode 100755 local/listaccounts.sh
 create mode 100755 local/listauth.sh
 create mode 100755 local/sslcheck.sh

diff --git a/local/checkauth.sh b/local/checkauth.sh
new file mode 100755
index 0000000..a711830
--- /dev/null
+++ b/local/checkauth.sh
@@ -0,0 +1 @@
+grep -E -v 'session (opened|closed) for user ' /var/log/auth.log
diff --git a/local/listaccounts.sh b/local/listaccounts.sh
new file mode 100755
index 0000000..4d1a186
--- /dev/null
+++ b/local/listaccounts.sh
@@ -0,0 +1 @@
+checkauth.sh | grep "Failed password for .* $1" | awk '{print $11}' | sort | uniq -c | sort -n | more
diff --git a/local/listauth.sh b/local/listauth.sh
new file mode 100755
index 0000000..83b68d4
--- /dev/null
+++ b/local/listauth.sh
@@ -0,0 +1 @@
+grep "session opened for user" /var/log/auth.log | awk '{print $11}' | sort | uniq -c
diff --git a/local/sslcheck.sh b/local/sslcheck.sh
new file mode 100755
index 0000000..f04a6ec
--- /dev/null
+++ b/local/sslcheck.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+grep "Failed password for invalid user " /var/log/auth.log | \
+	awk '{print $13}' | sort | uniq -c | sort -n
-- 
cgit v1.2.3