程式是在對岸網站找到的,覺得還不錯用,就分享一下了~ 這個小程式可以檢查一下你的系統是否安全。以下是 CentOS 版本;
Ubuntu 請將 /var/log/secure 修改為 /var/log/auth.log 即可使用。
下載程式然後上傳到你的服務器
http://pan.baidu.com/s/1qWIwUxI
#!/bin/bash
# Terminal setup for the banner animation.
# The interrupt key is unbound and keyboard echo is turned off here; the script
# re-enables both further down with `stty intr ^c` and `stty echo`.
# NOTE(review): while the interrupt key is unbound the operator cannot abort
# with Ctrl-C, and if the script is killed before the restore the terminal
# stays without echo (`stty sane` recovers it).
stty intr undef
stty -echo
clear
printf '\n\t\t\tCheung Kei Cheun All Rights Reserved\n\n'
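# Hide the cursor and draw a 97-character underscore rule, one character every
# 10 ms, followed by two newlines.
# The cursor-hide sequence needs the ESC byte (\033); printing "33[?25l"
# without it only puts that literal text on the screen.
# Outputs: writes the escape sequence and the rule to stdout.
info() {
  local i
  printf '\033[?25l'
  for ((i = 0; i <= 96; i++)); do
    printf '_'
    sleep 0.01
  done
  printf '\n\n'
}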
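# Show a small text spinner and then make the cursor visible again.
# The cursor is first moved to row 12, column 96; the spinner then cycles
# through / - \ | six times, each frame overwriting the previous one via a
# backspace, and is finally blanked out.
# Both control sequences need the ESC byte (\033); without it the literal
# text "33[12;96H" / "33[?25h" is printed instead.
# Outputs: writes the escape sequences and spinner frames to stdout.
show() {
  local i frame
  printf '\033[12;96H'
  for ((i = 0; i <= 5; i++)); do
    for frame in '/' '-' '\' '|'; do
      printf '\b%s' "$frame"
      sleep 0.05
    done
  done
  # Erase the last spinner frame, then turn the cursor back on.
  printf '\b '
  printf '\033[?25h'
}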
########
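# Banner animation, part one: rule, spinner, then a second underscore run.
info
show
# Hide the cursor again (show re-enabled it). The ESC byte (\033) is required
# for the terminal to treat these as control sequences rather than text.
printf '\033[?25l'
printf '\t'
# Each underscore is followed by a two-column cursor-left move, so the cursor
# ends up one column further left after every iteration (101 iterations).
for ((i = 0; i <= 100; i++)); do
  printf '_'
  printf '\033[2D'
  sleep 0.01
done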
# Pause for a tenth of a second; used as the delay between banner letters.
waitt() { sleep 0.1; }
# Print the author banner one chunk at a time with a waitt pause between
# chunks, then the rights line.
# A tab is emitted together with the letter that follows it, so there are
# 13 pauses for the 14 letters.
# Outputs: writes the banner to stdout.
corpration() {
  local -a chunks=(C h e u n g $'\tK' e i $'\tC' h e u n)
  local idx
  printf '\n\n\n\t\t\t'
  for ((idx = 0; idx < ${#chunks[@]}; idx++)); do
    if ((idx > 0)); then
      waitt
    fi
    printf '%s' "${chunks[idx]}"
  done
  printf '\n'
  printf '%s\n' $'\n\t\t\tCopright © 2013-2100 Cheung Kei Cheun All Rights Reserved'
}
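# Banner animation, part two, then hand the terminal back to the operator.
corpration
# Make the cursor visible again; the ESC byte (\033) is required, otherwise
# the literal text "33[?25h" is printed and the cursor stays hidden.
printf '\n\033[?25h\n'
printf '\n\n\n'
# Restore the interrupt key (Ctrl-C) and keyboard echo that were disabled at
# the start of the script.
stty intr '^c'
stty echo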
########################################################################
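# Summarise failed login attempts found in the system authentication log.
#
# Reads /var/log/secure (falls back to /var/log/auth.log when the former is
# not readable), builds a report in /cheung/IP.txt, pages it with `more`, and
# prints the total number of "Failed" lines.
#
# The account names and addresses in the log are supplied by whoever attempted
# the login, so they are treated as untrusted data: they are only ever passed
# to awk as printf arguments, never as the format string.
#
# NOTE(review): field positions ($9/$11 and $11/$13) are taken from the
# original script and presumably match the usual sshd "Failed password for
# [invalid user] NAME from ADDR" layout; a line with a different layout, or a
# name containing whitespace, lands in the wrong column. Any line that merely
# contains "Failed" or "invalid" is counted as well.
if [ "$(id -u)" -ne 0 ]; then
  echo "You must run under the root account ! "
  exit 1
fi
VERSION="1.3"
umask 077
workdir=/cheung
file=IP.txt
start_dir=$PWD
rule="____________________________________________________________________"

# Remove the report and then the script itself when the script exits.
# NOTE(review): self-removal is kept from the original; it leaves no copy of
# what ran as root, so keep a separate copy if the run must be auditable.
cleanup() {
  rm -f -- "$workdir/$file"
  # $0 may be a relative path, so go back to the starting directory first and
  # skip the removal entirely if that is not possible.
  cd -- "$start_dir" 2>/dev/null && rm -f -- "$0"
}
trap cleanup EXIT

# CentOS/RHEL log to /var/log/secure, Debian/Ubuntu to /var/log/auth.log.
log=/var/log/secure
if [ ! -r "$log" ] && [ -r /var/log/auth.log ]; then
  log=/var/log/auth.log
fi
if [ ! -r "$log" ]; then
  echo "Cannot read $log" >&2
  exit 1
fi

mkdir -p "$workdir/bin" 2>/dev/null
# Stop here if the working directory is unavailable, so nothing is written to
# or removed from whatever directory the script was started in.
cd "$workdir" || { echo "Cannot enter $workdir" >&2; exit 1; }

# "Failed" lines for accounts that exist on the system.
failed_valid() { grep "Failed" "$log" | grep -v "invalid"; }
# "Failed" lines for account names the log marks as invalid.
failed_invalid() { grep "Failed" "$log" | grep "invalid"; }
# Count identical lines on stdin and list them in ascending order of count.
tally() { sort | uniq -c | sort -nk 1; }

{
  echo -e "檢查有效帳號的登陸失敗的情況 :\n"
  echo -e " Times Account\t\t\tIPaddr"
  echo -e "======= ======\t\t\t======================================="
  failed_valid | awk '{printf "%s\t\t\t%s\n", $9, $11}' | tally
  echo -e "$rule"
  echo -e "檢查無效帳號的登陸失敗的情況 :\n"
  failed_invalid | awk '{printf "%s\t\t\t%s\n", $11, $13}' | tally
  # Failed-login counts per account.
  echo -e "$rule"
  echo "以下帳號是有效的系統帳號登陸失敗次數:"
  echo -e " Times Account"
  echo -e "======= =================================================="
  # Failures per existing account.
  failed_valid | awk '{printf "%s\n", $9}' | tally
  echo -e "$rule"
  echo "以下是系統不存在的帳號,是猜測的帳號:"
  # Failures per non-existent (guessed) account name.
  failed_invalid | awk '{printf "%s\n", $11}' | tally
  echo -e "$rule"
  echo "以下是攻擊源的攻擊次數: "
  echo " Times IPaddr"
  echo "======= =================================================="
  # Source addresses of both kinds of failure, tallied together in one
  # pipeline so no scratch file is needed.
  {
    failed_valid | awk '{printf "%s\n", $11}'
    failed_invalid | awk '{printf "%s\n", $13}'
  } | tally
} >"$file"

more "$file"
echo -e "$rule"
# Total failed logins: every "Failed" line is either valid or invalid, so one
# count over the log equals the sum of the two groups.
echo "總共的登陸失敗次數: $(grep -c "Failed" "$log") 次"
echo "----------------------------------Over----------------------------------"
echo "=============================================Version $VERSION============================================="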
執行結果會像以下的例子:
檢查有效帳號的登陸失敗的情況 :
Times Account IPaddr
======= ====== =======================================
3 nobody 201.150.8.131
27 root 201.150.8.131
____________________________________________________________________
檢查無效帳號的登陸失敗的情況 :
1 a 201.150.8.131
1 android 201.150.8.131
1 bnc 201.150.8.131
1 bot 201.150.8.131
1 cpu 201.150.8.131
1 data 201.150.8.131
1 debian 201.150.8.131
1 dos 201.150.8.131
1 exploit 201.150.8.131
1 freebsd 201.150.8.131
1 guest 201.150.8.131
1 hacker 201.150.8.131
1 info 201.150.8.131
1 irc 201.150.8.131
1 linux 201.150.8.131
1 max 201.150.8.131
1 mysql 201.150.8.131
1 oracle 201.150.8.131
1 php 201.150.8.131
1 postgres 201.150.8.131
1 psybnc 201.150.8.131
1 ram 201.150.8.131
1 redhat 201.150.8.131
1 rfi 201.150.8.131
1 shell 201.150.8.131
1 system 201.150.8.131
1 test 201.150.8.131
1 ubuntu 201.150.8.131
1 unix 201.150.8.131
1 user 201.150.8.131
1 vnc 201.150.8.131
1 vps 201.150.8.131
1 web 201.150.8.131
1 yahoo 201.150.8.131
2 admin123 201.150.8.131
3 deb 201.150.8.131
10 admin 201.150.8.131
____________________________________________________________________
以下帳號是有效的系統帳號登陸失敗次數:
Times Account
======= ==================================================
3 nobody
27 root
____________________________________________________________________
以下是系統不存在的帳號,是猜測的帳號:
1 a
1 android
1 bnc
1 bot
1 cpu
1 data
1 debian
1 dos
1 exploit
1 freebsd
1 guest
1 hacker
1 info
1 irc
1 linux
1 max
1 mysql
1 oracle
1 php
1 postgres
1 psybnc
1 ram
1 redhat
1 rfi
1 shell
1 system
1 test
1 ubuntu
1 unix
1 user
1 vnc
1 vps
1 web
1 yahoo
2 admin123
3 deb
10 admin
____________________________________________________________________
以下是攻擊源的攻擊次數:
Times IPaddr
======= ==================================================
79 201.150.8.131
____________________________________________________________________
總共的登陸失敗次數: 79 次