Friday, May 12, 2017

Script to Check Logged-In Users on a Debian 8 (Jessie) VPS

In this tutorial I will explain how to create a script that checks which users are logged in through dropbear and openssh.

I have already tried the following tutorial on Debian 7 & 8 64-bit.

1. Log in to the VPS as the root user.

2. Create the file login.sh:

nano login.sh

3. Fill it with the following script:

#!/bin/bash
# edited by ME
# Lists active Dropbear and OpenSSH sessions by matching the PIDs of running
# processes against successful password logins in /var/log/auth.log.
# Only password logins are matched; key-based logins are not listed.
LOG=/var/log/auth.log

data=( $(ps aux | grep -i dropbear | grep -v grep | awk '{print $2}') )
echo "Dropbear Login"
echo "---"
for PID in "${data[@]}"
do
        #echo "check $PID";
        # PIDs are reused, so take the most recent matching line for this PID
        LINE=$(grep -i "Password auth succeeded" "$LOG" | grep "dropbear\[$PID\]" | tail -n 1)
        if [ -n "$LINE" ]; then
                LOGIN_USER=$(echo "$LINE" | awk '{print $10}')
                IP=$(echo "$LINE" | awk '{print $12}')
                echo "$PID - $LOGIN_USER - $IP"
        fi
done
echo "---"
data=( $(ps aux | grep "\[priv\]" | sort -k 72 | awk '{print $2}') )
echo "OpenSSH Login"
echo "---"
for PID in "${data[@]}"
do
        #echo "check $PID";
        # PIDs are reused, so take the most recent matching line for this PID
        LINE=$(grep -i "Accepted password for" "$LOG" | grep "sshd\[$PID\]" | tail -n 1)
        if [ -n "$LINE" ]; then
                LOGIN_USER=$(echo "$LINE" | awk '{print $9}')
                IP=$(echo "$LINE" | awk '{print $11}')
                echo "$PID - $LOGIN_USER - $IP"
        fi
done
echo "> Promote: Arifin @bustami"

Save the file.

4. Change the permissions:
chmod +x login.sh

To check which users are currently logged in, we just run:
./login.sh
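
An added example, not part of the original post: a single-pass variant of the same PID-to-auth.log matching that also reports key-based logins and, when a PID has been reused, keeps only the most recent successful login for it. The function names `active_sessions` and `sample_log`, the output layout and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original author's script.
# Usage: active_sessions LOGFILE PID...
# Prints "service pid user ip method" for each PID, taken from the most recent
# successful-auth line logged under that PID (PIDs are reused over time).
active_sessions() {
    local log=$1; shift
    awk -v pids="$*" '
        BEGIN { n = split(pids, p, " "); for (i = 1; i <= n; i++) live[p[i]] = 1 }
        {
            tag = $5                     # syslog tag: "sshd[1234]:" or "dropbear[987]:"
            if (tag !~ /^(sshd|dropbear)\[[0-9]+\]:$/) next
            svc = tag; sub(/\[.*$/, "", svc)
            pid = tag; sub(/^[a-z]+\[/, "", pid); sub(/\]:$/, "", pid)
            if (!(pid in live)) next
            if (svc == "sshd" && $6 == "Accepted")            method = $7
            else if (svc == "dropbear" && $8 == "succeeded")  method = tolower($6)
            else next                    # failed attempts and other messages
            user = ip = ""
            for (i = 6; i < NF; i++) {   # locate user and address by keyword
                if ($i == "for" && user == "") user = $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            gsub(/\047/, "", user)       # dropbear wraps the user name in quotes
            if (svc == "dropbear") sub(/:[0-9]+$/, "", ip)    # drop ":port"
            seen[pid] = svc " " pid " " user " " ip " " method
        }
        END { for (i = 1; i <= n; i++) if (p[i] in seen) print seen[p[i]] }
    ' "$log"
}

# Constructed sample log lines (not real data) for trying the function offline:
#   sample_log > /tmp/auth.sample && active_sessions /tmp/auth.sample 2201 3310
sample_log() {
    cat <<'EOF'
May 12 09:00:01 vps sshd[2201]: Accepted password for alice from 198.51.100.7 port 50122 ssh2
May 12 09:05:10 vps sshd[2201]: Failed password for bob from 203.0.113.9 port 40000 ssh2
May 12 10:11:12 vps sshd[2201]: Accepted publickey for carol from 203.0.113.5 port 41000 ssh2: RSA SHA256:CONSTRUCTED
May 12 10:20:00 vps dropbear[3310]: Password auth succeeded for 'dave' from 192.0.2.44:51515
May 12 10:21:00 vps dropbear[3311]: Bad password attempt for 'erin' from 192.0.2.45:51516
May 12 10:30:00 vps sshd[4000]: Accepted password for frank from 198.51.100.8 port 50123 ssh2
EOF
}
```

On the VPS, pass /var/log/auth.log and the PIDs collected from ps, as login.sh does.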
