Juma7C9 · October 5, 2013 19:27
diff --git a/report.sh b/report.sh
 #!/bin/bash

 #   report.sh - Script to report number of ssh login attempts, and banned IPs by fail2ban.
 #   Copyright (C) 2013  Juma7C9
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
 #   the Free Software Foundation; either version 3 of the License, or
 #   (at your option) any later version.
 #
 #   This program is distributed in the hope that it will be useful,
 #   but WITHOUT ANY WARRANTY; without even the implied warranty of
 #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #   GNU General Public License for more details.
 #
 #   You should have received a copy of the GNU General Public License
 #   along with this program; if not, write to the Free Software Foundation,
 #   Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA

 yesterday=$(date +"%b %e" -d "yesterday")
 yesterdayFull=$(date +"%F" -d "yesterday")


 inputDate=$1
 if [ -z "$inputDate" ]
 then
        date=$yesterday
        dateFull=$yesterdayFull
 else
        date=$(date +"%b %e" -d "$inputDate")
        dateFull=$(date +"%F" -d "$inputDate")
 fi


 failedPasswordCount=$(cat /var/log/secure* | grep "$date" | grep sshd | grep 'Failed password' | wc -l)
 bannedIPsCount=$(cat /var/log/messages* | grep "$date" | grep Ban | awk -F' ' '{print $(NF)}' | sort -n | uniq -c | sort -k1,1rn)

 acceptedLogins=$(cat /var/log/secure* | grep "$date" | grep sshd | grep 'Accepted' | wc -l)
 acceptedIPs=$(cat /var/log/secure* | grep "$date" | grep sshd | grep Accepted | awk -F' ' '{print $11}' | sort -n | uniq -c | sort -k1,1rn)

 echo "On day $dateFull there were $failedPasswordCount failed login attempts, from these IPs:"
 echo "$bannedIPsCount"
 echo "There also were $acceptedLogins accepted logins, from these IPs:"
 echo "$acceptedIPs"
	#!/bin/bash

	# report.sh - Script to report number of ssh login attempts, and banned IPs by fail2ban.
	# Copyright (C) 2013 Juma7C9
	#
	# This program is free software; you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation; either version 3 of the License, or
	# (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,
	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	# GNU General Public License for more details.
	#
	# You should have received a copy of the GNU General Public License
	# along with this program; if not, write to the Free Software Foundation,
	# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

	yesterday=$(date +"%b %e" -d "yesterday")
	yesterdayFull=$(date +"%F" -d "yesterday")


	inputDate=$1
	if [ -z "$inputDate" ]
	then
	date=$yesterday
	dateFull=$yesterdayFull
	else
	date=$(date +"%b %e" -d "$inputDate")
	dateFull=$(date +"%F" -d "$inputDate")
	fi


	failedPasswordCount=$(cat /var/log/secure* \| grep "$date" \| grep sshd \| grep 'Failed password' \| wc -l)
	bannedIPsCount=$(cat /var/log/messages* \| grep "$date" \| grep Ban \| awk -F' ' '{print $(NF)}' \| sort -n \| uniq -c \| sort -k1,1rn)

	acceptedLogins=$(cat /var/log/secure* \| grep "$date" \| grep sshd \| grep 'Accepted' \| wc -l)
	acceptedIPs=$(cat /var/log/secure* \| grep "$date" \| grep sshd \| grep Accepted \| awk -F' ' '{print $11}' \| sort -n \| uniq -c \| sort -k1,1rn)

	echo "On day $dateFull there were $failedPasswordCount failed login attempts, from these IPs:"
	echo "$bannedIPsCount"
	echo "There also were $acceptedLogins accepted logins, from these IPs:"
	echo "$acceptedIPs"