I am using the below command in my .bash_profile to get email alerts on ssh user logins
I get the email alerts, the only problem is format of whois command output - its wrapped.
Output of whois in command line is neat. Even after using sed -r G it doesn't work.
echo -e 'ALERT - Shell Access on:' `date` `who` '\n\n' `whois $(who | cut -d'(' -f2 | cut -d')' -f1)` | sed -r G | mail -s "Alert: SSH Access from `who | cut -d'(' -f2 | cut -d')' -f1`" user#example.com
SOLUTION:
Paste the following in .bash_profile in the user/root directory to get email alerts
# Send email on user login - manually added
SSHLOGINIP=`who | cut -d'(' -f2 | cut -d')' -f1 | tail -n 1`
echo -e "ALERT - Shell Access on: `date` \n\n Active Sessions:\n `who` \n\n `whois $SSHLOGINIP`" | sed -r G | mail -s "Alert: SSH Access from $SSHLOGINIP" user#example.com
unset SSHLOGINIP
For whois to work on RHEL based systems like CentOS you would need to install jwhois
You need to double-quote the echo statement in its entirety:
echo -e "ALERT - Shell Access on:' `date` `who` '\n\n' `whois $(who | cut -d'(' -f2 | cut -d')' -f1)`"
That will prevent wrapping of the whois output before it is passed to sed -- preserving all the linebreaks. The remainder of your mailx line should be fine. One other thought. Why not just write all of the output to a tmp file following | sed -r G > tmpfile. Then just add the tmpfile as an attachment to mailx?
mail -s "Alert: SSH Access from `who | cut -d'(' -f2 | cut -d')' -f1`" -a tmpfile user#example.com
Related
I am helping debug some code that exec the following script is there any reason why its not writing a file to the server? - if that what it does. All the $ data and permissions are ok:
Script:
#!/bin/bash
RANGE=$1
ALLOCATION=`echo $RANGE | cut -f1,2,3 -d'.'`
/sbin/ip rule add from $1 lookup $2
echo $ALLOCATION
rm /path/too/file/location/$ALLOCATION
for i in `seq 3 254`
do
echo $ALLOCATION.$i >> /path/too/file/location/$ALLOCATION
done
ETH=`/sbin/ifconfig | grep eth0 | tail -n1 | cut -f2 -d':' | cut -f1 -d' '`
I have the following command:
httpd.conf | grep AuthUserFile | cut -d" " -f4 | sed -e 's|["'\'']||g'
the output of this is:
/etc/httpd/secure/htpasswd.training
I did:
httpd.conf | grep AuthUserFile | cut -d" " -f4 | sed -e 's|["'\'']||g'| cat
However this just returned:
/etc/httpd/secure/htpasswd.training
I want to cat the contents of the file. How do I do this?
Piping to xargs cat will pass stdin as an argument to cat, printing the file.
Alternatively try: cat $( some command printing a filename ).
You could try surrounding your initial command with backticks as the argument to cat, like so:
cat `httpd.conf | grep AuthUserFile | cut -d" " -f4 | sed -e 's|["'\'']||g'`
i use the following code to download all mysql database in a different file and not in one file (like --all-databases) and put them in the /backup/mysql folder
#!/bin/bash
mysqldump=`which mysqldump`
echo $mysqldump
mkdir /backup/mysql/$(date '+%d-%b-%Y')
echo "creating folder for current date done"
for line in "$(mysqlshow |cut -f1 -d"-" | cut -c 3- | cut -f1 -d" ")"
do
$mysqldump $line > /backup/mysql/$(date '+%d-%b-%Y')/"$line"
echo "$line\n"
done
I used the cut pipes to remove dashes and empty space before and at the end of the database name and it gave me what I want.
The problem is at line 13 according to bash but with no more details. Any ideas what I'm doing wrong?
mysqlshow output format
+---------------------+
| Databases |
+---------------------+
| information_schema |
| gitlabhq_production |
| mysql |
| performance_schema |
| phpmyadmin |
| test |
+---------------------
Your script doesn't manage the first 3 lines nor the last one, so you $line variable is invalid.
Solution
mysql | tail -n +4 | head -n -1 | tr -d '| '
tail -n +4: skip first four lines (may need adjustement);
head -n -1: ignore last line ;
tr -d '| ': remove pipe and space.
Advices
quotes your variables ;
use $() instead of backtick ;
don't use for i in $(ls *.mp3).
read How can I read a file (data stream, variable) line-by-line (and/or field-by-field)?
Better solution
Instead of a for loop you should use a while with a Process Substitution:
while read -r db; do
echo "[$db]";
done < <(mysqlshow -u root -p | tail -n +3 | head -n -1 | tr -d ' |' )
I want to generate list of users having malware in their public html
I am using avgscan for scanning,
/opt/avg/av/bin/avgscan -a -c --ignerrors --report=avoutput.txt
but it generates report like
/home/someuser/mail/info/cur/1395054106.H396740P84180,S=47470:2,S:/form_ident.rar Trojan horse Inject2.WPP
/home/someuser/public_html/__swift/files/attach_pq2ar348en1z435o5jhqy37de2xfb391 Trojan horse Zbot.BMI
I tried some thing but it didnt workout as list also have /backup folder which I don't want to be counted in list
I just need list of users, how to do?
#!/bin/bash
in="your_av_report file.txt" # in this case avoutput.txt
a=$(cat $in | grep -i "/mail/" | grep -v "/backup/" | cut -d'/' -f3 | awk '!a[$0]++' | uniq)
b=$cat $in | grep -i "/public_html/" | grep -v "/backup/" | cut -d'/' -f3 | awk '!a[$0]++' | uniq)
echo $a >>foo.txt
echo $b >>foo.txt
I hope it Helps :)
I've created the following script
#!/bin/bash
shdw=$(cat /etc/shadow | cut -d: -f1,2)
users=$(cat /etc/passwd | cut -d: -f3,4,5,6,7)
echo $users:$shdw >> bk.txt
I want it to save each user account into one line. perhaps a do while iduno
The join program is your friend:
join -t : /etc/passwd /etc/shadow | cut -d: -f3-7,1,8
cut -d: -f1-2 /etc/shadow > myshadow
cut -d: -f3-7 /etc/passwd > mypasswd
paste -d: mypasswd myshadow >> bk.txt