Description: this post shows how to write a program on Linux that periodically checks the login status of the host and sends an alert.

I. Environment
1. Any Linux environment will do; the post claims no version restriction. In practice the script depends on two things: an authentication log at /var/log/secure (the RHEL/CentOS/Fedora location; Debian and Ubuntu write the same sshd messages to /var/log/auth.log) and a mailx that understands -S smtp=... (heirloom-mailx or s-nail, the mailx shipped by RHEL/CentOS; bsd-mailx does not accept those options).

II. Example script
#!/bin/bash
#Date: 2019/5/19
#Purpose: monitor system user logins and send an alert
#Author: Darren
#Version: V1.0
#configuration
__RootEmailAddress="xxxx@xxxx.com.tw"
__RootEmailSubject="Server OS Login Notify."
__ServerName="Server"
__LogFile="/var/log/secure"        # RHEL/CentOS; Debian/Ubuntu use /var/log/auth.log
__PollInterval=5                   # seconds between checks; the loop had no sleep and spun at 100% CPU
#main script
# A private temp file replaces the fixed /tmp/Loginwarn.txt: a predictable name in the
# world-writable /tmp is a symlink target when this runs as root (root is needed to read the log).
__MailBody=$(mktemp) || exit 1
trap 'rm -f "$__MailBody"' EXIT
__LastRecord=""
while :
do
    #get login information: the newest line mentioning "password" (Accepted/Failed password for ...)
    __ReadLoginRecord=$(grep password "$__LogFile" 2>/dev/null | tail -n 1)
    # Field layout of the line being parsed:
    #   May 19 10:00:01 host sshd[1234]: Accepted password for darren from 192.168.1.10 port 51234 ssh2
    #   $3=time  $6=Accepted|Failed  $9=user  $11=source IP
    # Caveat: "Failed password for invalid user bob from 1.2.3.4 ..." shifts user and IP to $11 and $13,
    # and publickey logins never contain the word "password", so this grep does not report them.
    __HostIP=$(echo "$__ReadLoginRecord" | awk '{print $11}')
    __LoginName=$(echo "$__ReadLoginRecord" | awk '{print $9}')
    __LoginTime=$(echo "$__ReadLoginRecord" | awk '{print $3}')
    __LoginStatus=$(echo "$__ReadLoginRecord" | awk '{print $6}')
    #compare with the last record seen; comparing the whole line rather than only the time
    #field avoids merging two logins in the same second and avoids an alert on an empty log
    if [ -n "$__ReadLoginRecord" ] && [ "$__LastRecord" != "$__ReadLoginRecord" ]; then
        __LastRecord=$__ReadLoginRecord
        echo "Most recent login on $__ServerName, Time:$__LoginTime, User $__LoginName from $__HostIP was $__LoginStatus."
        {
            echo "#-------------------------"
            echo "# Host:   $__ServerName"
            echo "# Time:   $__LoginTime"
            echo "# User:   $__LoginName"
            echo "# Source: $__HostIP"
            echo "# Status: $__LoginStatus"
            echo "#-------------------------"
        } > "$__MailBody"
        # ssl-verify=ignore disables TLS certificate checking, so anyone who can intercept the
        # connection can capture the SMTP password; remove it once the server certificate is trusted.
        # The original "; 2&>1 /dev/null" ran a command named "2" and created a file named "1";
        # ">/dev/null 2>&1" is the intended redirection.
        mailx -s "$__RootEmailSubject" -S smtp="smtps://xxxx.com:465" -S from="xxxx@xxxx.com" -S smtp-auth=login -S smtp-auth-user="xxxx@xxxx.com" -S smtp-auth-password="xxxx" -S ssl-verify=ignore -S nss-config-dir=/etc/pki/nssdb/ "$__RootEmailAddress" < "$__MailBody" >/dev/null 2>&1
    fi
    sleep "$__PollInterval"
done
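The script above pulls the user and source address out of fixed awk field positions ($9 and $11) and only ever looks at the newest line. The following is an added example, not code from the original post: it parses constructed sshd lines (sample data, not from a real host) by checking the surrounding tokens instead of trusting field numbers, handles the "invalid user" shift and publickey logins that the grep for "password" never sees, and reports every record appended since the last poll rather than only the last one. Function names, the sample lines and the state-file mechanism are all choices made here.

```bash
#!/bin/bash
# Added example, not part of the original script: parse sshd result lines from /var/log/secure
# with a check on the surrounding tokens instead of fixed awk field numbers, and report every
# new record since the last poll rather than only the newest one.
# The log lines below are constructed samples, not data from a real host.

OK_LINE='May 19 10:00:01 server sshd[1234]: Accepted password for darren from 192.168.1.10 port 51234 ssh2'
BAD_LINE='May 19 10:00:05 server sshd[1240]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2'
KEY_LINE='May 19 10:00:09 server sshd[1250]: Accepted publickey for deploy from 10.0.0.5 port 2200 ssh2: ED25519 SHA256:abcdef'
NOISE_LINE='May 19 10:00:10 server sshd[1260]: Connection closed by 10.0.0.5 port 2200'

# naive_fields LINE -- what the post's awk '{print $6}' / $9 / $11 extract (status, user, IP)
naive_fields() {
    printf '%s\n' "$1" | awk '{print $6, $9, $11}'
}

# parse_login_record LINE -- prints "STATUS METHOD USER IP TIME"; returns 1 if LINE is not a
# login result. Handles the "invalid user" shift and publickey logins, which contain no
# "password" and so never match the post's grep.
parse_login_record() {
    printf '%s\n' "$1" | awk '
        $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Accepted" || $6 == "Failed") && $8 == "for" {
            status = $6; method = $7; i = 9
            if ($9 == "invalid" && $10 == "user") { status = "Failed(invalid-user)"; i = 11 }
            if ($(i + 1) != "from") exit 1      # unexpected layout: refuse to guess
            print status, method, $i, $(i + 2), $3
            found = 1
            exit 0
        }
        END { if (!found) exit 1 }'
}

# report_new_records LOGFILE STATEFILE -- prints every login result appended since the last
# call. STATEFILE stores the line count already seen; "tail -n 1" in the post drops any event
# that lands between two polls, and a restart re-alerts on the newest line.
report_new_records() {
    rnr_log=$1 rnr_state=$2
    if [ -s "$rnr_state" ]; then rnr_last=$(cat "$rnr_state"); else rnr_last=0; fi
    rnr_total=$(wc -l < "$rnr_log" | tr -d ' ')
    if [ "$rnr_total" -lt "$rnr_last" ]; then rnr_last=0; fi   # log rotated or truncated
    tail -n +"$((rnr_last + 1))" "$rnr_log" | while IFS= read -r rnr_line; do
        parse_login_record "$rnr_line" || :
    done
    echo "$rnr_total" > "$rnr_state"
}

# Demo: the fixed fields misreport the "invalid user" line as user "invalid" from host "admin".
for line in "$OK_LINE" "$BAD_LINE" "$KEY_LINE" "$NOISE_LINE"; do
    printf 'awk fields : %s\n' "$(naive_fields "$line")"
    printf 'parsed     : %s\n' "$(parse_login_record "$line" || echo '(not a login result)')"
done
```

Run it as a plain script to see the two parsers side by side. To use report_new_records in the monitor loop, point it at the real log and a state file outside /tmp (for example under /var/lib) and mail each printed line; the state file also stops a restarted monitor from re-sending the last alert.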
III. Script parameters: basics
- __RootEmailAddress: the recipient of the alert mail.
- __RootEmailSubject: the subject line of the mail.
- __ServerName: the name of this host, as it should appear in the alert.
__RootEmailAddress="xxxx@xxxx.com.tw"
__RootEmailSubject="Server OS Login Notify."
__ServerName="Server"
IV. Script parameters: mail
- smtp: the outgoing mail server (the smtps:// scheme on port 465 means TLS from the first byte).
- from: the sender address.
- smtp-auth-user: the account used to log in to the mail server.
- smtp-auth-password: the password for that account.
Two caveats. The -S options are heirloom-mailx/s-nail syntax (the mailx shipped by RHEL/CentOS; nss-config-dir is where that build keeps its NSS certificate database), so they do not work with bsd-mailx. And -S ssl-verify=ignore switches off certificate verification, which means the TLS connection protects the credentials only against passive observers; a practitioner should drop the option (or set ssl-verify=strict) and make the server's CA trusted instead. Because the password is stored in the script in clear text, the file must not be world-readable (see section V).
#email server information
mailx -s "$__RootEmailSubject" -S smtp="smtps://xxxx.com:465" -S from="xxxx@xxxx.com" -S smtp-auth=login -S smtp-auth-user="xxxx@xxxx.com" -S smtp-auth-password="xxxx" -S ssl-verify=ignore -S nss-config-dir=/etc/pki/nssdb/
V. How to start
- Make the script executable. The original uses chmod 755; since the script contains the SMTP password in clear text, chmod 700 with root as owner is the sensible mode, and it costs nothing because the script has to run as root anyway: /var/log/secure is normally mode 0600.
- Start it in the background: ./<script name> &. A job started this way belongs to the login shell and is not restarted after a crash or a reboot; nohup or setsid keeps it alive past logout.
PS. The script can be registered as a system service and managed by the service manager (systemd on current distributions), which also takes care of restarts and of starting it at boot.
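The following is an added example of that registration, not part of the original post: a shell function that writes a systemd unit for the monitor, and an install routine that also fixes the file mode the post leaves at 755. The install path /usr/local/sbin/login_notify.sh, the unit name login-notify.service and the hardening directives are assumptions made here; drop a hardening line if mailx fails to reach its configuration under it.

```bash
#!/bin/bash
# Added example, not part of the original post: install the monitor as a systemd service
# instead of starting it with "./script &", which dies with the login shell and is never
# restarted. Paths are assumptions: the script is taken to live at /usr/local/sbin/login_notify.sh
# and the unit is named login-notify.service.

# write_unit_file UNIT_PATH SCRIPT_PATH -- write a unit that runs SCRIPT_PATH as root
# (root is required: /var/log/secure is normally mode 0600).
write_unit_file() {
    wuf_unit=$1 wuf_script=$2
    cat > "$wuf_unit" <<EOF
[Unit]
Description=Mail an alert for each new login record in /var/log/secure
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=${wuf_script}
Restart=on-failure
RestartSec=10
# The script only needs to read the auth log, write its temp file and reach the SMTP server.
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
NoNewPrivileges=yes

[Install]
WantedBy=multi-user.target
EOF
}

# install_service SCRIPT_PATH -- run as root; deliberately not called at the top level of this file
install_service() {
    is_script=$1
    # The script embeds the SMTP password, so it must not be world-readable (the post's chmod 755).
    chown root:root "$is_script"
    chmod 700 "$is_script"
    write_unit_file /etc/systemd/system/login-notify.service "$is_script"
    systemctl daemon-reload
    systemctl enable --now login-notify.service
    systemctl --no-pager status login-notify.service
}

# Usage, as root:  install_service /usr/local/sbin/login_notify.sh
# Afterwards:      journalctl -u login-notify.service -f   shows the "Most recent login ..." lines.
```

With Restart=on-failure and the unit enabled, the monitor comes back after a crash and after a reboot, and its stdout lands in the journal instead of a terminal that may no longer exist.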