The break-in-analyzer from zam89

Cannot read Debian 11 auth log?

Nice job! Thanks for your code. One question, could it read debian 11 auth log? Right now it shows empty:

admin@ec2-184-169-203-102:~$ ./Break-In-Analyzer/break-in_analyzer.sh
_____________________________________
|				    |
|	Break-In Analyzer 1.2	    |
|___________________________________|

Please Select:
1) Analyze auth logs
2) Analyze secure logs
3) Analyze utmp/wtmp log
4) Exit script

* This script is checking for failed attempt on valid/existed account/username only!

Menu selection: 1
Input auth.log location..: /home/admin/var/log/auth.log

Possible Break-in Attempts - IP



Possible Break-in Attempts - Username



Successful Logins - IP



Successful Logins - Users


Done!

Here is the log:

$ more /home/admin/var/log/auth.log

Jan 28 00:00:11 web001 su: (to administrator) root on none
Jan 28 00:00:11 web001 su: pam_unix(su:session): session opened for user administrator by (uid=0)
Jan 28 00:00:11 web001 systemd: pam_unix(systemd-user:session): session opened for user administrator by (uid=0)
Jan 28 00:00:11 web001 su: pam_unix(su:session): session closed for user administrator
Jan 28 00:00:11 web001 su: (to administrator) root on none
Jan 28 00:00:11 web001 su: pam_unix(su:session): session opened for user administrator by (uid=0)
Jan 28 00:00:11 web001 su: pam_unix(su:session): session closed for user administrator
Jan 28 00:03:39 web001 sshd[28020]: Received disconnect from 92.118.39.84 port 56160:11: Bye Bye [preauth
]
Jan 28 00:03:39 web001 sshd[28020]: Disconnected from authenticating user root 92.118.39.84 port 56160 [p
reauth]
Jan 28 00:05:01 web001 CRON[28046]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 00:05:01 web001 CRON[28045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 28 00:05:01 web001 CRON[28045]: pam_unix(cron:session): session closed for user root
Jan 28 00:05:02 web001 CRON[28046]: pam_unix(cron:session): session closed for user root
Jan 28 00:05:09 web001 su: (to administrator) root on none
Jan 28 00:05:09 web001 su: pam_unix(su:session): session opened for user administrator by (uid=0)
Jan 28 00:05:09 web001 systemd: pam_unix(systemd-user:session): session opened for user administrator by (uid=0)
Jan 28 00:05:09 web001 su: pam_unix(su:session): session closed for user administrator
Jan 28 00:05:09 web001 su: (to administrator) root on none
Jan 28 00:05:09 web001 su: pam_unix(su:session): session opened for user administrator by (uid=0)
Jan 28 00:05:09 web001 su: pam_unix(su:session): session closed for user administrator

zam89 / break-in-analyzer Goto Github PK

break-in-analyzer's People

Contributors

Stargazers

break-in-analyzer's Issues

Cannot read Debian 11 auth log?

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs