简介

通过 shell 脚本快速汇总用户登录相关信息。

脚本

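#!/bin/bash
#
# Login summary report: current sessions, who is logged in from where,
# repeated failed logins (possible password guessing) and accounts that
# logged in during the last 10 days.
#
# Notes for whoever runs this:
#   * lastb reads the failed-login database (normally /var/log/btmp), which
#     is usually readable by root only. Without access the brute-force
#     section cannot report anything, so a warning is printed instead of
#     silently showing "no findings".
#   * User names recorded for failed logins are chosen by the remote client.
#     They are treated as untrusted text below: never word-split or globbed
#     by the shell, and control characters are stripped before printing.

#######################################
# Count failed logins per (user, source) pair and report the noisy ones.
# Arguments: $1 - minimum number of attempts to report (default 3)
# Inputs:    lastb-style text on stdin; field 1 is the user name, field 3
#            is taken as the source host. Blank lines and the final trailer
#            line ("btmp begins ...") are dropped.
# Outputs:   one line per pair at or above the threshold, on stdout.
# Caveats:   - a record with an empty host column, or a user name that
#              contains a space, shifts the fields, so field 3 is then not
#              the source address;
#            - lastb truncates long user and host names by default (see the
#              -w and -i options of last(1)), which can merge distinct names;
#            - a source that tries many different user names fewer than
#              $1 times each stays below the threshold; aggregate per
#              source address as well if that pattern matters.
#######################################
report_failed_logins() {
  local threshold=${1:-3}

  # tr removes C0 control bytes (except tab/newline) and DEL so that a
  # crafted user name cannot inject terminal escape sequences into the
  # report; this also removes awk's SUBSEP byte from the data, which keeps
  # the (user, host) key unambiguous.
  grep -v '^$' \
    | sed '$d' \
    | tr -d '\000-\010\013-\037\177' \
    | awk -v threshold="$threshold" '
        { attempts[$1, $3]++ }
        END {
          for (pair in attempts) {
            if (attempts[pair] >= threshold) {
              split(pair, part, SUBSEP)
              printf "%s 尝试使用用户 %s 进行暴力破解,尝试次数 %d\n", part[2], part[1], attempts[pair]
            }
          }
        }'
}

echo "========================当前登录着用户数=============================="
# users prints every session's user name on ONE line, so count words, not
# lines. A user with two sessions is counted twice.
printf '%d\n' "$(users | wc -w)"

echo "========================登录记录=================================="
# Assumes the origin is the fifth field of who's output, which depends on
# the date format who uses -- TODO confirm on the target system.
# An empty origin or an X display such as (:0) or (:1) is a local login.
who | awk '{
  if ($5 == "" || $5 ~ /^\(:[0-9]/) {
    print "登录用户:" $1 " ,本地登录 " $5
  } else {
    print "登录用户:" $1 " ,登录IP或者域名:" $5
  }
}' | tr -d '()'

echo "========================暴力破解检测=================================="
# Capture lastb's output first so that a failure (missing file, no
# permission) is reported rather than read as "no failed logins".
if failed_records=$(lastb); then
  printf '%s\n' "$failed_records" | report_failed_logins 3
else
  echo "lastb 执行失败(通常需要 root 权限读取 /var/log/btmp),无法检测暴力破解" >&2
fi

echo "========================最近 10 天有登录的用户=================================="
# sed drops the header row, grep drops "never logged in" rows (they end in
# "**"). Fields are passed as printf arguments, never as the format string,
# so a "%" in a field cannot corrupt the output.
lastlog -t 10 | sed '1d' | grep -v '\*\*$' | awk '{
  printf "登录用户:%s 最后登录时间:", $1
  for (i = 3; i <= NF; i++) printf "%s ", $i
  printf "\n"
}'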