Shell Script to search Failed Ftp Login AttemptsThis Shell script will search the server logs on daily basis and will email you the Failed Ftp Login Attempts of the day. The ftp logs are saved in the /var/log/messages file as by default there is no separate log file for Ftp in Linux.
Create a file /home/script/failedftp.sh and paste the below code:
#!/bin/bashSave the file. You now have to schedule a cron to execute the file once in a day to search logs. Edit the cron file
#Retrieve the current date
CUR_DATE=`date +”%b %e”`
#Create a temporary file to store the logs
touch /tmp/out.txt
echo “List Follows” > /tmp/out.txt
#Search the failed attempts and save in the temporary file
/bin/grep “$CUR_DATE” /var/log/messages | grep pure-ftpd | grep failed >> /tmp/out.txt
#Email the contents of the file to your email address
/bin/mail -s “Failed Ftp Login Attempts on ‘$CUR_DATE’ ” youremail@yourdomain.com < /tmp/out.txt
crontab -eand add the following cron job
59 23 * * * /bin/sh /home/script/failedftp.shNote:
1) This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.
2) If you copy/paste the script as it is in shell, the single and double quotes may change to dots (.) so make sure you correct them before executing the script.
No comments:
Post a Comment