-
Notifications
You must be signed in to change notification settings - Fork 21
/
monitor.sh
executable file
·84 lines (62 loc) · 1.77 KB
/
monitor.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#!/bin/bash
source $(dirname $0)/lib/bashsimplecurses/simple_curses.sh
source $(dirname $0)/vars.sh
EXPORT_PATH=${HOME}/pots
N=30
get_country_for_ip(){
ip="$1"
geoiplookup ${ip} | sed 's/GeoIP Country Edition: //g'
}
main(){
action=$1
max=$2
limit="limit 0,${max:-10}"
action='stats'
names='combo login password'
window "Last SSH attacks" "red" "40%"
tac /var/log/ssh-pot.log | head > /tmp/res
append_file /tmp/res
endwin
window "Last FTP attacks" "red" "40%"
tac /var/log/ftp-pot.log | head > /tmp/res
append_file /tmp/res
endwin
window "Last Telnet attacks" "red" "40%"
tac /var/log/telnet-pot.log | head > /tmp/res
append_file /tmp/res
endwin
col_right
move_up
for what in $names; do
if [[ $what == 'combo' ]]; then
name='concat_ws(char(58),login,password)'
else
name=$what
fi
window "Top $max ${what}s" "red" "30%"
echo "select count(2), $name from pot group by 2 order by count(2) desc $limit" | mysql -rs -u${MYSQL_USER} ${MYSQL_DB} > /tmp/res
append_file /tmp/res
endwin
done
col_right
move_up
window "Top countries" "red" "30%"
echo "select count(2), host from pot group by 2 order by count(2) desc $limit" | mysql -rs -u${MYSQL_USER} ${MYSQL_DB} | while read i j ; do
echo "${i}: ${j} ($(get_country_for_ip ${j}))";
done > /tmp/res
append_file /tmp/res
endwin
window "Total records" "red" "30%"
echo "select count(*) from pot" | mysql -rs -u${MYSQL_USER} ${MYSQL_DB} > /tmp/res
append_file /tmp/res
endwin
window "Last update" "red" "30%"
append "$(date) (refresh: ${N}s)"
endwin
window "Last connection" "red" "30%"
res=$(echo "select host, timestamp from pot order by timestamp desc limit 1" | mysql -rs -u${MYSQL_USER} ${MYSQL_DB})
append "${res}"
endwin
rm /tmp/res
}
main_loop ${N}