Thursday, May 10, 2012

Perl script to list all Failed Login attempts in Linux

#!/usr/bin/perl -w
# Description             :  Upon execution, this script will list all the Failed Login attempts on a Linux Server
# Mode of Execution  :  As 'root' user from shell prompt
# Developed by          :  Ashok Raj
# Version                   :  1.2
# -------------------------------------------------------------------------------------------------------------------------

$osnam=`uname -s`;
chomp($osnam);
$cnt=0;

if($osnam eq 'Linux')
{
chdir "/var/log" or die "$!";
@arylog = `cat ./secure*|grep 'Failed password'`;
print "\n";
print "REPORT ON FAILED ATTEMPT LOGINS\n\n";
print " DATE/TIME       USERNAME\tHOSTNAME/IPADDRESS\n";
print "---------------------------------------------\n";
foreach(@arylog)
 {
 if($_ =~ m/(\w+\s+\d+\s\d\d:\d\d:\d\d)\s\S+\ssshd\[\d+\]:\s+Failed\s.*?\sfor.*?\s(\w+)\sfrom\s+(\S+)/)
            {
              printf "%-16s   %-16s%-16s\n",$1,$2,$3;
              $cnt++;
            }
}
}
print "\nTotal Number of Failed Attempts: $cnt \n\n";

No comments:

Post a Comment

Popular Posts

About Me

My photo
I have started this blog to share my work experience and spread some smart solutions on Linux to Internet community. I'm hoping more people will get benefited from this blog. Brief about me: I have 14+ years experience working as System Admin and currently work with VMware.