Shell Script to search Failed Ftp Login Attempts
This Shell script will search the server logs on daily basis and will email you the Failed Ftp Login Attempts of the day. The ftp logs are saved in the /var/log/messages file as by default there is no separate log file for Ftp in Linux.
Create a file /home/script/failedftp.sh and paste the below code:
#!/bin/bash
#Retrieve the current date
CUR_DATE=`date | awk ‘{print $2? ” $3}’`
#Create a temporary file to store the logs
touch /tmp/out.txt
echo “Failed Login Attempts on “$CUR_DATE”" > /tmp/out.txt
#Search the failed attempts and save in the temporary file
/bin/grep “$CUR_DATE” /var/log/messages | grep pure-ftpd | grep failed >> /tmp/out.txt
#Email the contents of the file to your email address
/bin/mail -s “Failed Ftp Login Attempts on “$CUR_DATE” ” youremail@yourdomain.com < /tmp/out.txt
Save the file. You now have to schedule a cron to execute the file once in a day to search logs. Edit the cron file
crontab -e
and add the following cron job
59 23 * * * /bin/sh /home/script/failedftp.sh
Note: This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.
No comments:
Post a Comment