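#!/bin/bash
# Mod By ALK
#
# tendang.sh - kick users who hold more than MAX concurrent password logins
# over dropbear or OpenSSH.
#
# Flow: filter the auth log for "login succeeded" lines, attribute each live
# dropbear / "sshd [priv]" process to the user named on the single log line
# carrying that PID, count sessions per local account (any /etc/passwd line
# containing "/home/"), then TERM every session PID of each user above MAX
# and record the event in /root/log-limit.txt. The account list is still
# written to /root/user.txt for anything else that reads it.
#
# Must run as root: it reads the auth log, signals other users' processes and
# restarts services. The awk field numbers assume the classic syslog layout
# "Mon DD HH:MM:SS host prog[PID]: ..."; an ISO-timestamp or journald layout
# shifts the fields - confirm against the target box's log before relying on
# it. The IP column the original extracted was never used and is dropped.
#
# No `set -e`: the grep filters return 1 on "no match", which is normal here.
# No `set -u`: expanding an empty array trips it on bash < 4.4.

readonly MAX=2                        # sessions allowed per user
readonly USER_LIST=/root/user.txt     # local account names, one per line
readonly LIMIT_LOG=/root/log-limit.txt
OS=0                                  # 1 = /var/log/auth.log, 2 = /var/log/secure
LOG=                                  # path of the auth log in use
users=()                              # tracked account names, /etc/passwd order
declare -A count=()                   # username -> live session count
declare -A pids=()                    # username -> space-separated session PIDs
kicked=0                              # users kicked in this run

die() { printf '%s\n' "$*" >&2; exit 1; }

# Work files go in a private mktemp directory instead of fixed names in /tmp:
# this runs as root, and a predictable /tmp path can be pre-created (e.g. as
# a symlink) by any local user before we write to it.
tmpdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${tmpdir:?}"; }
trap cleanup EXIT

#######################################
# Pick the auth log. /var/log/secure wins when both exist (original order).
# Globals: OS, LOG (written)
# Returns: exits via die when neither log exists
#######################################
detect_log() {
  if [[ -e /var/log/auth.log ]]; then
    OS=1; LOG=/var/log/auth.log
  fi
  if [[ -e /var/log/secure ]]; then
    OS=2; LOG=/var/log/secure
  fi
  (( OS != 0 )) || die "no auth log found (/var/log/auth.log or /var/log/secure)"
}

#######################################
# Restart the SSH daemons. Output is discarded and failures are ignored
# (best effort, as in the original).
# Globals: OS (read)
#######################################
restart_daemons() {
  if (( OS == 1 )); then
    service ssh restart > /dev/null 2>&1
  elif (( OS == 2 )); then
    service sshd restart > /dev/null 2>&1
  fi
  service dropbear restart > /dev/null 2>&1
}

#######################################
# Build the list of local accounts and zero their counters.
# Globals: USER_LIST (read); users, count, pids (written)
# Returns: exits via die when USER_LIST cannot be written
#######################################
load_users() {
  local name
  grep -- "/home/" /etc/passwd | cut -d: -f1 > "$USER_LIST" \
    || die "cannot write $USER_LIST"
  users=()
  while IFS= read -r name || [[ -n "$name" ]]; do
    name=${name//\'/}                       # the original stripped single quotes
    # skip blank lines and a name already seen (assoc keys must be unique)
    [[ -n "$name" && -z "${count[$name]+set}" ]] || continue
    users+=("$name")
    count[$name]=0
    pids[$name]=
  done < "$USER_LIST"
}

#######################################
# Attribute one daemon's live processes to users and count them.
# Arguments:
#   $1 - daemon tag as written in the log ("dropbear" / "sshd")
#   $2 - file of pre-filtered "login succeeded" lines
#   $3 - awk field holding the username on those lines
#   $4 - pgrep -f pattern selecting the daemon's live session processes
# Globals: count, pids (written)
#######################################
count_sessions() {
  local tag=$1 lines=$2 field=$3 pattern=$4
  local pid n user
  while IFS= read -r pid; do
    # A PID must match exactly one log line to be attributed; 0 or >1 lines
    # (log rotation, PID reuse) are skipped, as in the original.
    n=$(grep -c -F -- "${tag}[${pid}]" "$lines")
    (( n == 1 )) || continue
    user=$(grep -F -- "${tag}[${pid}]" "$lines" | awk -v f="$field" '{print $f}')
    user=${user//\'/}                       # dropbear logs the name as 'user'
    # ignore names that are not tracked local accounts
    [[ -n "$user" && -n "${count[$user]+set}" ]] || continue
    count[$user]=$(( ${count[$user]} + 1 ))
    pids[$user]+=" $pid"
  done < <(pgrep -f -i "$pattern")
}

#######################################
# TERM every session of each user above MAX and log the event.
# Globals: users, count, MAX, LIMIT_LOG (read); pids, kicked (written)
# Outputs: one "date - user - count" line per kicked user on stdout
#######################################
kick_over_limit() {
  local user stamp msg
  kicked=0
  for user in "${users[@]}"; do
    (( ${count[$user]} > MAX )) || continue
    stamp=$(date +"%Y-%m-%d %X")
    msg="$stamp - $user - ${count[$user]}"
    printf '%s\n' "$msg"
    printf '%s\n' "$msg" >> "$LIMIT_LOG"
    # shellcheck disable=SC2086 -- pids[$user] is a deliberate space-separated list
    kill ${pids[$user]}
    pids[$user]=
    kicked=$(( kicked + 1 ))
  done
}

#######################################
# Entry point: same sequence as the original script.
# Globals: LOG, tmpdir, kicked (read)
# Returns: 0
#######################################
main() {
  clear 2>/dev/null
  detect_log
  restart_daemons                         # done up front in the original as well
  load_users

  local lines="$tmpdir/log-db.txt"
  # dropbear: "... dropbear[PID]: Password auth succeeded for 'USER' from IP:PORT"
  grep -i dropbear "$LOG" | grep -i "Password auth succeeded" > "$lines"
  count_sessions dropbear "$lines" 10 dropbear
  # sshd: "... sshd[PID]: Accepted password for USER from IP port N ssh2",
  # logged by the "sshd: USER [priv]" process
  grep -i sshd "$LOG" | grep -i "Accepted password for" > "$lines"
  count_sessions sshd "$lines" 9 '\[priv\]'

  kick_over_limit
  if (( kicked > 0 )); then
    restart_daemons
  fi
  return 0
}

main "$@"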