Nicholas Fisher's first Bash scripts, focused on analyzing log files

FishyStix12/LogScripts

Log Analysis Scripts

By: Nicholas Fisher

This is a repository of scripts to help analyze various .log files found on Linux systems.

The following list gives a short description of each script in this repository:

  1. 477AggregateLogScript.sh - Takes multiple auth.log files and pulls the unique IP addresses that failed to log in, along with failed login attempts against invalid user accounts (pulls the invalid usernames), the root user (pulls IP addresses), and the ubuntu user (pulls IP addresses). This script also expands "message repeated" lines and adds them to the analysis results.
  2. 477LogScript - Takes multiple auth.log files and pulls the unique IP addresses that failed to log in, along with failed login attempts against invalid user accounts (pulls the invalid usernames), the root user (pulls IP addresses), and the ubuntu user (pulls IP addresses).
  3. FisherSysLogPrint.sh - Takes multiple sys.log files as input, checks whether the system has vulnerabilities, and prints a statement saying whether or not vulnerabilities were found.
  4. FishersFirstBash.sh - Pulls all cron jobs that are not closed from auth.log files.
  5. FishersLogPrint.sh - Takes multiple auth.log files as input and prints the date, time, user, and IP address for each open cron job in all the matching files to a new text file that the user creates in this script.
  6. IPpuller.sh - Pulls all IP addresses from any type of log file, then sorts and counts the unique IP addresses in reverse chronological order.
  7. SysLogAggregation.sh - Expands "DHCPREQUEST repeated x times" entries into the normal DHCPREQUEST format (DHCPREQUEST of IP address and subnet address), appends them to a file the user creates, and aggregates them with the normal data. It then moves all the files to a directory created by the user.
  8. Testscript.sh - A script I use when making updates to the code above to ensure that I am not damaging the actual shell scripts.

Example output of 477AggregateLogScript.sh:

Welcome to my fourth Linux Bash Script
-----------------------Unique IP with Invalid Users with number of Attempts -----------------------------
532 68.183.12.113
36 13.235.135.173
24 14.200.212.187
18 218.35.208.5
10 211.219.44.209
-------------------Unique IP failing to login with root user with number of Attempts ---------------------
2666 138.255.93.0
174 68.183.12.113
34 121.155.231.244
27 120.224.50.233
15 187.134.242.142
10 103.141.234.41
8 41.139.176.122
8 221.158.175.94
8 13.235.135.173
6 14.200.212.187
4 218.35.208.5
2 89.10.150.58
2 193.201.9.21
2 175.178.237.54
2 175.120.170.20
2 112.186.218.246
2 101.35.214.179
1 121.161.234.34
1 117.102.186.80
1 112.160.137.225
-------------------Unique IP failing to login with ubuntu user with number of Attempts ---------------------
174 68.183.12.113
10 136.53.82.151
10 13.235.135.173
4 69.223.75.0
4 14.200.212.187
2 34.219.130.168
1 31.10.205.220
1 146.229.255.21
1 112.160.137.225
-------------------Unique Usernames failing to login with number of Attempts -------------------------
354 admin
285 user
264 debian
27 Ubuntu
18 pi
15 ubnt
14 username
9 spark
9 guest
9 craft
3 vagrant
3 test
3 postgres
3 oracle
3 moxa
3 ftpserver
3 ftp
3 esuser
3 es
3 ec2-user
3 devops
3 antti
3 ansible
3 1
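
The analysis described for 477AggregateLogScript.sh can be sketched as follows. This is an added example, not the repository's code: the function names and sample lines are constructed, and it assumes the usual sshd `Failed password for ... from IP port N ssh2` and rsyslog `message repeated N times: [ ...]` line formats with IPv4 sources only.

```shell
#!/usr/bin/env bash
# Constructed sample auth.log lines; IPs are from documentation ranges.
sample_log() {
cat <<'EOF'
Mar  1 10:00:01 srv sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Mar  1 10:00:02 srv sshd[101]: message repeated 2 times: [ Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2]
Mar  1 10:00:05 srv sshd[102]: Failed password for root from 198.51.100.7 port 5151 ssh2
Mar  1 10:00:06 srv sshd[102]: message repeated 3 times: [ Failed password for root from 198.51.100.7 port 5151 ssh2]
Mar  1 10:00:09 srv sshd[103]: Failed password for root from 203.0.113.5 port 4300 ssh2
Mar  1 10:00:11 srv sshd[104]: Failed password for ubuntu from 192.0.2.44 port 6000 ssh2
Mar  1 10:00:12 srv sshd[105]: Failed password for invalid user pi from 192.0.2.44 port 6001 ssh2
Mar  1 10:00:15 srv sshd[106]: Accepted password for ubuntu from 192.0.2.10 port 6100 ssh2
EOF
}

# Turn 'message repeated N times: [ msg]' into N copies of msg, so the
# collapsed attempts are counted alongside the original line.
expand_repeats() {
  awk 'match($0, /message repeated [0-9]+ times: \[ /) {
         n = substr($0, RSTART + 17) + 0   # leading digits after "message repeated "
         msg = substr($0, RSTART + RLENGTH); sub(/\]$/, "", msg)
         for (i = 0; i < n; i++) print msg
         next
       }
       { print }'
}

# Rank values by how often they occur, highest count first ("count value").
rank() { sort | uniq -c | sort -rn | sed -E 's/^ +//'; }

# $1 = ERE for the account part, e.g. 'root' or 'invalid user .*'.
# The greedy leading .* binds to the last " from IP port ", which sshd
# appends itself, so text inside a username cannot replace the source IP.
count_ips() {
  expand_repeats | grep -E "Failed password for $1 from " |
    sed -nE 's/.* from ([0-9.]+) port .*/\1/p' | rank
}

count_invalid_users() {
  expand_repeats | sed -nE 's/.*Failed password for invalid user (.*) from [0-9.]+ port .*/\1/p' | rank
}

report() {   # $@ = one or more auth.log files
  for sel in 'invalid user .*' root ubuntu; do
    echo "--- IPs failing as: $sel ---"; cat "$@" | count_ips "$sel"
  done
  echo "--- Invalid usernames ---"; cat "$@" | count_invalid_users
}
if [ "$#" -gt 0 ]; then report "$@"; else tmp=$(mktemp); sample_log > "$tmp"; report "$tmp"; rm -f "$tmp"; fi
```

Run it with one or more auth.log paths as arguments; with no arguments it reports on the constructed sample.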
