From aa0ab9faee5f0f610bfc12b7b68317e887ef8d84 Mon Sep 17 00:00:00 2001
From: aixiao
Date: Sat, 19 Jan 2019 17:06:17 +0800
Subject: [PATCH] =?UTF-8?q?=09=E4=BF=AE=E6=94=B9=EF=BC=9A=20=20=20=20=20ma?= =?UTF-8?q?il.log.sh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
mail.log.sh | 95 ++++++++++++++++++++++++++---------------------------
1 file changed, 47 insertions(+), 48 deletions(-)
mode change 100755 => 100644 mail.log.sh
diff --git a/mail.log.sh b/mail.log.sh
old mode 100755
new mode 100644
index fc45f79..477d22d
--- a/mail.log.sh
+++ b/mail.log.sh
@@ -1,65 +1,64 @@ #!/bin/bash # -# Debian Stretch. # System authorization information. -# Author: aixiao # Email: aixiao@aixiao.me -# Date: 20170909 -# Modify Time: 171125 +# Time: 20170909 # -pwd_path=/root -TIME=`date +"%Y%m%d"` -log_file=${pwd_path}/${TIME}.log +function run() +{ + pwd_path="/root"; + TIME=`date +"%Y%m%d"`; + log_file="${pwd_path}/${TIME}.log"; + email_address="1605227279@qq.com"; + num=9; -echo "Read-Only Memory,ROM:" &>> ${log_file} -df -am &>> ${log_file} + echo "Read-Only Memory,ROM:" &>> ${log_file} + df -am &>> ${log_file} -echo "" &>> ${log_file} -echo "random access memory,RAM:" &>> ${log_file} -free -hl &>> ${log_file} + echo "" &>> ${log_file} + echo "random access memory,RAM:" &>> ${log_file} + free -hl &>> ${log_file} -echo "" &>> ${log_file} -echo "System process:" &>> ${log_file} -ps -axjf &>> ${log_file} + echo "" &>> ${log_file} + echo "System process:" &>> ${log_file} + ps -axjf &>> ${log_file} -echo "" &>> ${log_file} -echo "Network Connections" &>> ${log_file} -netstat -tnulp &>> ${log_file} + echo "" &>> ${log_file} + echo "Network Connections" &>> ${log_file} + netstat -tnulp &>> ${log_file} -echo "" &>> ${log_file} -echo "AIC" &>> ${log_file} -netstat -ntu &>> ${log_file} + echo "" &>> ${log_file} + echo "System authorization information:" &>> ${log_file} + if test "`date | awk '{print $3}'`" -ge 10 ; then + grep ^`date | awk '{print $2}'`.`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file} + grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} + ip=$(grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}') + else + grep ^`date | awk '{print $2}'`..`date | awk '{print $3}'` 
/var/log/auth.log &>> ${log_file} + grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} + ip=$(grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}') + fi -echo "" &>> ${log_file} -echo "System authorization information:" &>> ${log_file} -if test "`date | awk '{print $3}'`" -ge 10 ; then - grep ^`date | awk '{print $2}'`.`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file} - grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} + ip_address=($ip) + for i in ${ip_address[@]} ; do + /sbin/iptables -I INPUT -s $i -j DROP + done + /sbin/iptables-save > /root/ipv4tables - ip=$(grep -E "^`date | awk '{print $2}'`.`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){if (a[i] >= 9) {print i;}}}') -else - grep ^`date | awk '{print $2}'`..`date | awk '{print $3}'` /var/log/auth.log &>> ${log_file} - grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} + echo "" &>> ${log_file} + echo "Iptables filter table" &>> ${log_file} + /sbin/iptables -L -n --line-numbers &>> ${log_file} + echo "" &>> ${log_file} - ip=$(grep -E "^`date | awk '{print $2}'`..`date | awk '{print $3}'`" /var/log/auth.log | grep failure | grep rhost | awk '{printf $14 "\n"}' | cut -d = -f 2 | awk '{a[$1]+=1;} END {for(i in a){if 
(a[i] >= 9) {print i;}}}') -fi + mail -s "System Log" ${email_address} < ${log_file} + rm ${log_file} + sync + sync +} -ip_add=($ip) -for i in ${ip_add[@]} ; do - /sbin/iptables -I INPUT -s $i -j DROP -done -/sbin/iptables-save > /root/ipv4tables - -echo "" &>> ${log_file} -echo "Iptables filter table" &>> ${log_file} -/sbin/iptables -L -n --line-numbers &>> ${log_file} -echo "" &>> ${log_file} - -mail -s "System Log" 1605227279@qq.com < ${log_file} -rm ${log_file} -sync -sync -exit +run; +exit 0; +20190103 aixiao@aixiao.me
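Review bot: The values collected in `$ip` are cut out of the `rhost=` field of /var/log/auth.log by field position (`awk '{printf $14 "\n"}'`) and then passed unquoted to `/sbin/iptables -I INPUT -s $i -j DROP` with no check that each one is an IP literal. That field is populated from the remote side of the connection and can hold a hostname, which iptables will resolve, and `$14` moves when a log line has a different layout, so the loop can install DROP rules for values nobody intended, including the operator's own address. Because the pipeline re-reads the whole day's log, every run also inserts the same rule again. I would accept only dotted-quad values, quote them, and test with `iptables -C` before inserting, as sketched below; the `num` threshold and the rest of `run` can stay as they are.

```shell
    # … unchanged: auth.log parsing that fills $ip …
    while IFS= read -r addr; do
        # accept only dotted-quad IPv4 literals; anything else taken from the log is skipped
        [[ "$addr" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue
        # -C checks for an identical existing rule, so repeated runs do not stack duplicates
        /sbin/iptables -C INPUT -s "$addr" -j DROP 2>/dev/null \
            || /sbin/iptables -I INPUT -s "$addr" -j DROP
    done <<< "$ip"
    /sbin/iptables-save > /root/ipv4tables
```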