I need help writing a Linux script that automatically saves login attempts of 2 or more into a file, and then emails that file to myself or one of my administrators. Can any one help? Or at least point me in a different direction than these constant tutorial sites? Thanks.
Login attempts are automatically logged in /var/log/auth.log, so you just need to parse that log file.
I would put a daily cron job in so I could check the report every morning. Maybe something like this: cat /var/log/secure | grep "Failed password" | mail -s "$HOSTNAME Login Report" [email protected] Then you would get a mail with this kind of body: Jul 12 21:09:42 server sshd[24161]: Failed password for testuser2 from ::ffff:10.0.0.8 port 3973 ssh2 This works on Redhat/CentOS systems, just change the log and the phrase your looking for if you need to...
