zam89 / break-in-analyzer
Break-In Analyzer - A script that analyzes auth.log, secure, utmp/wtmp for possible SSH break-in attempts
License: MIT License
Nice job! Thanks for your code. One question: could it read the Debian 11 auth log? Right now it shows empty:
admin@ec2-184-169-203-102:~$ ./Break-In-Analyzer/break-in_analyzer.sh
_____________________________________
| |
| Break-In Analyzer 1.2 |
|___________________________________|
Please Select:
1) Analyze auth logs
2) Analyze secure logs
3) Analyze utmp/wtmp log
4) Exit script
* This script is checking for failed attempt on valid/existed account/username only!
Menu selection: 1
Input auth.log location..: /home/admin/var/log/auth.log
Possible Break-in Attempts - IP
Possible Break-in Attempts - Username
Successful Logins - IP
Successful Logins - Users
Done!
Here is the log:
$ more /home/admin/var/log/auth.log
Jan 28 00:00:11 web001 su: (to administrator) root on none
Jan 28 00:00:11 web001 su: pam_unix(su:session): session opened for user administrator by (uid=0)
Jan 28 00:00:11 web001 systemd: pam_unix(systemd-user:session): session opened for user administrator by (uid=0)
Jan 28 00:00:11 web001 su: pam_unix(su:session): session closed for user administrator
Jan 28 00:00:11 web001 su: (to administrator) root on none
Jan 28 00:00:11 web001 su: pam_unix(su:session): session opened for user administrator by (uid=0)
Jan 28 00:00:11 web001 su: pam_unix(su:session): session closed for user administrator
Jan 28 00:03:39 web001 sshd[28020]: Received disconnect from 92.118.39.84 port 56160:11: Bye Bye [preauth]
Jan 28 00:03:39 web001 sshd[28020]: Disconnected from authenticating user root 92.118.39.84 port 56160 [preauth]
Jan 28 00:05:01 web001 CRON[28046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 00:05:01 web001 CRON[28045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 00:05:01 web001 CRON[28045]: pam_unix(cron:session): session closed for user root
Jan 28 00:05:02 web001 CRON[28046]: pam_unix(cron:session): session closed for user root
Jan 28 00:05:09 web001 su: (to administrator) root on none
Jan 28 00:05:09 web001 su: pam_unix(su:session): session opened for user administrator by (uid=0)
Jan 28 00:05:09 web001 systemd: pam_unix(systemd-user:session): session opened for user administrator by (uid=0)
Jan 28 00:05:09 web001 su: pam_unix(su:session): session closed for user administrator
Jan 28 00:05:09 web001 su: (to administrator) root on none
Jan 28 00:05:09 web001 su: pam_unix(su:session): session opened for user administrator by (uid=0)
Jan 28 00:05:09 web001 su: pam_unix(su:session): session closed for user administrator
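The log above contains no "Failed password" line; the single failed attempt is recorded only as a preauth disconnect ("Disconnected from authenticating user root ... [preauth]"), which a checker keyed on the classic format would miss. As an added example that is not the project's script, here is a small Python parser that recognises both the classic and the Debian 11 style lines and tallies them by IP and username; the two sshd lines from the log above are reused as sample input, and the lines with 203.0.113.5, 198.51.100.7 and the users admin and oracle are constructed (unlike the script's stated scope, it also counts attempts against non-existent usernames).

```python
import re
from collections import Counter

# Sample auth.log: the su line and the two sshd lines are copied from the log
# in the issue above; the remaining sshd lines are constructed to show the
# classic "Failed password" and "Accepted" formats next to the Debian 11 style.
SAMPLE_LOG = """\
Jan 28 00:00:11 web001 su: pam_unix(su:session): session opened for user administrator by (uid=0)
Jan 28 00:03:39 web001 sshd[28020]: Received disconnect from 92.118.39.84 port 56160:11: Bye Bye [preauth]
Jan 28 00:03:39 web001 sshd[28020]: Disconnected from authenticating user root 92.118.39.84 port 56160 [preauth]
Jan 28 00:04:02 web001 sshd[28031]: Failed password for root from 203.0.113.5 port 40110 ssh2
Jan 28 00:04:05 web001 sshd[28031]: Failed password for invalid user oracle from 203.0.113.5 port 40112 ssh2
Jan 28 00:06:40 web001 sshd[28050]: Accepted publickey for admin from 198.51.100.7 port 51022 ssh2: ED25519 SHA256:constructed
"""

# Classic format: "Failed password for [invalid user] NAME from IP port N ssh2"
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed \w+ for (?:invalid user )?(\S+) from (\S+) port \d+")
# Debian 11 / newer OpenSSH: the client dropped the connection before finishing
# authentication, so no "Failed password" line is written for the attempt.
PREAUTH_RE = re.compile(r"sshd\[\d+\]: Disconnected from authenticating user (\S+) (\S+) port \d+ \[preauth\]")
# Successful logins, any method (password, publickey, ...)
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+) port \d+")

def analyze(log_text):
    """Count failed and successful SSH logins by source IP and by username."""
    result = {"failed_ip": Counter(), "failed_user": Counter(),
              "success_ip": Counter(), "success_user": Counter()}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line) or PREAUTH_RE.search(line)
        if m:
            user, ip = m.groups()
            result["failed_ip"][ip] += 1
            result["failed_user"][user] += 1
            continue  # the matching "Received disconnect" line is not counted again
        m = ACCEPTED_RE.search(line)
        if m:
            user, ip = m.groups()
            result["success_ip"][ip] += 1
            result["success_user"][user] += 1
    return result

if __name__ == "__main__":
    for name, counter in analyze(SAMPLE_LOG).items():
        print(name, dict(counter))
```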