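# Security alerts (failed logins)
#
# Counts the journal lines of ssh.service from the last 24 hours that contain
# "Failed password" and prints a warning banner when there is at least one.
#
# What the number does and does not cover:
#   - Only lines containing "Failed password" are counted; rejections that
#     sshd logs with other wording (for example for non-password
#     authentication methods) are not part of the total.
#   - The unit name is hard-coded to ssh.service; on a host where the daemon
#     runs under a different unit name the filter matches nothing and the
#     count stays at 0.
#   - NOTE(review): an account that may not read the system journal presumably
#     gets an empty result here, i.e. a silent 0 instead of an error. Confirm
#     which account runs this script before treating "no banner" as "no
#     failed logins".
#
# Reads:  GREEN, R1, NONE (colour escapes, not defined in this excerpt)
# Writes: FAILED

# grep -c prints the count but exits 1 when that count is 0. The fallback
# keeps whatever grep printed, defaults to 0 when nothing was printed at all,
# and stops the assignment from aborting a script that runs under `set -e`.
FAILED=$(journalctl _SYSTEMD_UNIT=ssh.service --since "24 hours ago" | grep -c "Failed password") || FAILED=${FAILED:-0}

# Quoted with a default so an empty value cannot turn the test into a syntax error.
if [ "${FAILED:-0}" -gt 0 ]; then
  echo -e "${GREEN}======================================================================${NONE}"
  echo -e " ${R1}⚡ ATTENTION : ${FAILED} tentatives de connexion SSH échouées ces dernières 24h !${NONE}"
fi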
# Active sessions
#
# `who` prints one line per login session, so a line count above 1 means there
# are sessions besides the one running this script. When that is the case, a
# warning and a table of every session reported by `who` are printed.
#
# Reads:  GREEN, R1, NONE, NC (colour escapes, not defined in this excerpt)
# Writes: OTHER_USERS
#
# NOTE(review): this section resets colours with both ${NONE} and ${NC};
# confirm that both are defined earlier in the file, otherwise the red opened
# for the table is never closed.
OTHER_USERS=$(who | wc -l)

if [ "$OTHER_USERS" -gt 1 ]; then
  echo -e "${GREEN}======================================================================${NONE}"
  echo -e " ${R1}⚡ Attention :${NC} Il y a actuellement $((OTHER_USERS - 1)) autre(s) session(s) active(s).${NC}"

  # Table header; the red opened here stays active until the bottom border.
  echo -e "${R1} ╔════════════════════════════════════════════════╗"
  printf " ║ %-10s %-10s %-8s %-15s ║\n" "USER" "DATE" "HEURE" "IP"
  echo " ╠════════════════════════════════════════════════╣"

  # One table row per session. The origin column is whatever the login record
  # holds; it may be a host name rather than an address, and %-15s pads but
  # does not truncate, so longer values (a full IPv6 address, for instance)
  # push the right border out of line.
  who | awk '
    {
      # Remote sessions end with the origin wrapped in parentheses;
      # has_origin is 1 for those lines and 0 for local ones.
      has_origin = ($NF ~ /^\(.*\)$/)

      if (has_origin) {
        origin = $NF
        gsub(/[()]/, "", origin)
      } else {
        origin = "console locale"
      }

      # Time and date sit just before the origin field when there is one,
      # otherwise they are the last two fields of the line.
      clock = $(NF - has_origin)
      day = $(NF - has_origin - 1)

      printf " ║ %-10s %-10s %-8s %-15s ║\n", $1, day, clock, origin
    }'

  echo -e " ╚════════════════════════════════════════════════╝${NC}"
fi