login audit bash script

# 8  
Old 02-19-2012
This is what I have done so far with your help:
Code:
#!/bin/bash
if [ $# -ne 1 ]; then
    echo "Usage: timeon username" >&2
    exit 1
fi
if [ $# -eq 1 ]
    then
        user=$1
#    else
#        user=$USER
fi
# check if the user exists on Matrix (NIS passwd map); -w keeps "kk" from matching "kkaur73"
a=$(ypcat passwd | grep -w "^$user")
if [ "$a" == "" ]
    then
        echo "$user does not exist on Matrix, try again." >&2
        exit 2
elif [ "$a" != "" ]; then
        # get the username
        username=$(echo "$a" | cut -d: -f1)
        echo "Username:    $username"
fi
# Remove any stale /tmp/tst folder, then make a fresh one
if [ -d /tmp/tst ]; then
    rm -rf /tmp/tst
fi
# Make a directory in /tmp called tst
mkdir -p /tmp/tst
# Copy wtmp files in /tmp/tst folder and unzip them:

cd /tmp/tst || exit 3           # safe place to work
tfile=/tmp/tst/wtmp.$$          # temp file to uncompress into
big_file=/tmp/tst/$USER.wtmp    # collect all output from wtmp into one file

ls /var/log/wtmp*bz2 | while read -r file    # for each rotated wtmp file
do
    bunzip2 -dc "$file" >"$tfile"   # uncompress writing output to tmp file
    last -F -a -f "$tfile"          # run last on it
done >"$big_file"               # save all output from last in one file
last -F -a >>"$big_file"        # append formatted output from current wtmp
rm -f "$tfile"                  # tmp file not needed

### parse your big file (/tmp/tst/$USER.wtmp) here #####

# cleanup before exit
#rm $big_file
b=$( cat /tmp/tst/$USER.wtmp | grep $user )
echo $b

but what I get as output is some data that I don't know how to add up for the following:
Start Date: Sept 27, 2011 End Date : Jan 26, 2012 Time On : 31hrs 12min
I know that I have to use grep and bc but don't know how.
This is an example of my output:
Quote:
Username: kkaur73
kkaur73 pts/5 Thu Jun 9 12:12:43 2011 - Thu Jun 9 12:21:56 2011 (00:09) 142.204.247.5 kkaur73 pts/0 Fri Jun 24 01:10:43 2011 - Fri Jun 24 02:08:42 2011 (00:57) cpe78cd8e665c10-cm78cd8e665c0d.cpe.net.c kkaur73 pts/6 Wed Aug 3 11:52:58 2011 - Wed Aug 3 12:34:58 2011 (00:42) 142.204.142.253 kkaur73 pts/3 Wed Aug 3 11:45:15 2011 - Wed Aug 3 13:53:19 2011 (02:08) 142.204.142.253 kkaur73 pts/4 Tue Aug 2 14:33:38 2011 - Tue Aug 2 14:41:42 2011 (00:08) 142.204.142.227 kkaur73 pts/4 Tue Aug 2 12:48:36 2011 - Tue Aug 2 13:09:06 2011 (00:20) bas2-toronto61-2925079963.dsl.bell.ca kkaur73 pts/3 Sat Jul 30 12:05:51 2011 - Sat Jul 30 13:36:24 2011 (01:30) bas2-toronto61-2925081107.dsl.bell.ca kkaur73 pts/0 Thu Jul 28 21:31:13 2011 - Fri Jul 29 00:01:02 2011 (02:29) bas2-toronto61-1168013430.dsl.bell.ca kkaur73 pts/0 Sun Jul 24 16:04:01 2011 - Sun Jul 24 18:31:13 2011 (02:27) bas2-toronto61-2925080149.dsl.bell.ca kkaur73 pts/0 Tue Aug 9 10:53:54 2011 - Tue Aug 9 11:12:30 2011 (00:18) 142.204.248.107 kkaur73 pts/0 Tue Aug 9 01:35:13 2011 - Tue Aug 9 01:57:46 2011 (00:22) bas2-toronto61-2925079899.dsl.bell.ca kkaur73 pts/3 Mon Aug 8 23:39:59 2011 - Tue Aug 9 01:10:44 2011 (01:30) bas2-toronto61-2925080350.dsl.bell.ca kkaur73 pts/1 Mon Aug 8 21:25:50 2011 - Tue Aug 9 01:10:44 2011 (03:44) bas2-toronto61-2925080350.dsl.bell.ca kkaur73 pts/1 Wed Aug 3 14:58:45 2011 - Wed Aug 3 15:15:05 2011 (00:16) 142.204.248.97
# 9  
Old 02-19-2012
You've got a good start. You're getting lots of 'jumbled' output because you are assigning it to a variable and that's messing with newlines. Try adding this to the end of your script instead of the last two lines (it's from earlier in the thread with the last command replaced with the grep):

Code:
# your script as you have it up to here....
# cleanup before exit
#rm $big_file

grep $user  /tmp/tst/$USER.wtmp | awk '
    /wtmp begins/ { next; }
    /still logged in/ { next; }
    $1 == "reboot" { next; }        # skip reboot records (a bare reboot would be an empty variable)

    NF > 0  {
        if( NR > 1 )
            printf( "\n" );

        printf( "       User:\t%s\n", $1 );     # user
        printf( "      Start:\t%s %s %s %s\n", $3, $4, $5, $6 );
        if( $9 == "down" )
            printf( "        End:\tshutdown\n" );
        else
            printf( "        End:\t%s %s %s %s\n", $9, $10, $11, $12 );

        if( substr( $NF, 1, 1 ) == "(" )
        {
            t = $NF;
            h = "localhost";
        }
        else
        {
            t = $(NF-1);
            h = $NF;
        }

        gsub( "[()]", "", t );
        printf( "    Time On:\t%s\n", t );
        printf( "Remote Host:\t%s\n", h );
} '

This will format each entry from the huge wtmp output for the given user. If you need a total time, or a single entry with totals instead of one per login, then the awk will need to be changed or replaced with something you are more comfortable with. Adding this, and running it, I think will let you see how you need to go forward with the grep and processing the complete wtmp output.

Hope this helps/makes sense.
# 10  
Old 02-19-2012
Quote:
Originally Posted by agama
You've got a good start. You're getting lots of 'jumbled' output because you are assigning it to a variable and that's messing with newlines. Try adding this to the end of your script instead of the last two lines (it's from earlier in the thread with the last command replaced with the grep):

Code:
# your script as you have it up to here....
# cleanup before exit
#rm $big_file

grep $user  /tmp/tst/$USER.wtmp | awk '
    /wtmp begins/ { next; }
    /still logged in/ { next; }
    $1 == "reboot" { next; }        # skip reboot records (a bare reboot would be an empty variable)

    NF > 0  {
        if( NR > 1 )
            printf( "\n" );

        printf( "       User:\t%s\n", $1 );     # user
        printf( "      Start:\t%s %s %s %s\n", $3, $4, $5, $6 );
        if( $9 == "down" )
            printf( "        End:\tshutdown\n" );
        else
            printf( "        End:\t%s %s %s %s\n", $9, $10, $11, $12 );

        if( substr( $NF, 1, 1 ) == "(" )
        {
            t = $NF;
            h = "localhost";
        }
        else
        {
            t = $(NF-1);
            h = $NF;
        }

        gsub( "[()]", "", t );
        printf( "    Time On:\t%s\n", t );
        printf( "Remote Host:\t%s\n", h );
} '

This will format each entry from the huge wtmp output for the given user. If you need a total time, or a single entry with totals instead of one per login, then the awk will need to be changed or replaced with something you are more comfortable with. Adding this, and running it, I think will let you see how you need to go forward with the grep and processing the complete wtmp output.

Hope this helps/makes sense.
You are awesome! Thank You!
It is a fantastic piece of code, but I have never worked with awk and it is getting too complicated for me. Is there any way you could simplify this for me with the use of grep? I need the:
Start Date
End Date
Time On in minutes

Like I said, I am a beginner in scripting.
# 11  
Old 02-19-2012
This might be a bit easier to grok:

Code:
grep -w "^$user" /tmp/tst/$USER.wtmp | while read -r uname tty st_dow st_mon st_day st_time st_yr junk end_dow end_mon end_day end_time end_yr ttime host
do
    # "still logged in", "gone - no logout", "- down" and "- crash" records carry no logout time
    case "$junk $end_dow" in
        "still logged"|"gone -"|"- down"|"- crash") ;;       # ignore those with missing info
        *)
            printf "\n"
            printf "       User:\t%s\n" "$uname"
            printf "      Start:\t%s %s %s %s\n" "$st_dow" "$st_mon" "$st_day" "$st_time"
            printf "        End:\t%s %s %s %s\n" "$end_dow" "$end_mon" "$end_day" "$end_time"
            printf "    Time On:\t%s\n" "$ttime"
            printf "Remote Host:\t%s\n" "${host:-localhost}"
        ;;
    esac
done

# 12  
Old 02-19-2012
Quote:
Originally Posted by agama
This might be a bit easier to grok:

Code:
grep -w "^$user" /tmp/tst/$USER.wtmp | while read -r uname tty st_dow st_mon st_day st_time st_yr junk end_dow end_mon end_day end_time end_yr ttime host
do
    # "still logged in", "gone - no logout", "- down" and "- crash" records carry no logout time
    case "$junk $end_dow" in
        "still logged"|"gone -"|"- down"|"- crash") ;;       # ignore those with missing info
        *)
            printf "\n"
            printf "       User:\t%s\n" "$uname"
            printf "      Start:\t%s %s %s %s\n" "$st_dow" "$st_mon" "$st_day" "$st_time"
            printf "        End:\t%s %s %s %s\n" "$end_dow" "$end_mon" "$end_day" "$end_time"
            printf "    Time On:\t%s\n" "$ttime"
            printf "Remote Host:\t%s\n" "${host:-localhost}"
        ;;
    esac
done

How can I only get the latest date from the above loop? I tried to insert the result in a txt file and use sort, but it didn't work!
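An added example, not agama's code or the poster's script, covering what #8, #10 and the question above ask for: it reads records in the "last -F -a" layout for one account and prints the earliest login date, the latest logout date and the summed Time On in minutes, skipping the "still logged in", "gone - no logout", shutdown and crash records that have no usable end time. The sample records, the account names in them and the function name summarize_logins are constructed for this example; on the real box you would feed it the collected file, as the usage line at the bottom shows. Only POSIX awk features are used, so it does not depend on gawk's mktime.

```shell
#!/bin/bash
# Added example (not from the thread): summarise `last -F -a` records for one
# account into Start Date, End Date and Time On. Reads the records on stdin.

# Constructed sample in the `last -F -a` layout seen in the thread. It mixes in
# a reboot record, an open session, a console login with no host column, a
# similarly named account and the trailing "wtmp begins" line so every filter
# below has something to reject.
SAMPLE_WTMP='kkaur73 pts/5 Thu Jun 9 12:12:43 2011 - Thu Jun 9 12:21:56 2011 (00:09) 142.204.247.5
kkaur73 tty1 Mon Jun 13 08:00:00 2011 - Mon Jun 13 08:10:00 2011 (00:10)
kkaur73 pts/0 Fri Jun 24 01:10:43 2011 - Fri Jun 24 02:08:42 2011 (00:57) cpe78cd8e665c10-cm78cd8e665c0d.cpe.net.c
reboot system boot 2.6.32-71 Sat Jul 30 08:00:00 2011 - Sat Jul 30 20:00:00 2011 (12:00) 0.0.0.0
kkaur73 pts/0 Thu Jul 28 21:31:13 2011 - Fri Jul 29 00:01:02 2011 (02:29) bas2-toronto61-1168013430.dsl.bell.ca
kkaur73 pts/3 Sat Jul 30 12:05:51 2011 - Sat Jul 30 13:36:24 2011 (01:30) bas2-toronto61-2925081107.dsl.bell.ca
kkaur73 pts/2 Mon Aug 1 09:00:00 2011 - Wed Aug 3 10:30:00 2011 (2+01:30) 142.204.142.200
kkaur73 pts/1 Wed Aug 3 14:58:45 2011   still logged in   142.204.248.97
kkaur730 pts/7 Thu Aug 4 10:00:00 2011 - Thu Aug 4 11:00:00 2011 (01:00) 10.0.0.1

wtmp begins Mon Jun 6 00:00:00 2011'

# summarize_logins USER  < last-output
# Prints: "Start Date: Mon D, YYYY End Date: Mon D, YYYY Time On: Hhrs Mmin (N min)"
# Returns 1 when the account has no completed session in the input.
summarize_logins() {
    awk -v user="$1" '
        # Turn "Mon D YYYY" into the number YYYYMMDD so dates compare numerically.
        function datekey(mon, day, yr) {
            m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", mon) + 2) / 3
            return sprintf("%04d%02d%02d", yr, m, day) + 0
        }
        $1 != user { next }                          # exact account match: kkaur730 is not kkaur73
        /still logged in|gone - no logout/ { next }  # open or unterminated session: no end time
        $9 == "down" || $9 == "crash" { next }       # cut short by shutdown/crash: not a logout
        NF < 14 { next }                             # needs start, end and "(duration)" fields
        {
            # Fields: 1 user, 2 tty, 3-7 start (dow mon day time yr), 8 "-",
            #         9-13 end, 14 "(HH:MM)" or "(D+HH:MM)", 15 host (absent for console)
            sk = datekey($4, $5, $7)
            ek = datekey($10, $11, $13)
            if (count == 0 || sk < first_key) { first_key = sk; first = sprintf("%s %d, %d", $4, $5, $7) }
            if (count == 0 || ek > last_key)  { last_key = ek;  last  = sprintf("%s %d, %d", $10, $11, $13) }
            d = $14; gsub(/[()]/, "", d)
            days = 0
            if (index(d, "+")) { split(d, p, "+"); days = p[1]; d = p[2] }
            split(d, hm, ":")
            total += days * 1440 + hm[1] * 60 + hm[2]
            count++
        }
        END {
            if (count == 0) { print "no completed sessions for " user; exit 1 }
            printf("Start Date: %s End Date: %s Time On: %dhrs %dmin (%d min)\n",
                   first, last, int(total / 60), total % 60, total)
        }'
}

# Run on the constructed sample; against the collected file in the thread it
# would be:  summarize_logins "$user" < /tmp/tst/$USER.wtmp
printf '%s\n' "$SAMPLE_WTMP" | summarize_logins kkaur73
```

The exact match on the first field is what keeps a plain grep from also counting kkaur730's sessions, and the date keys are what the sort attempt above was missing: the day-of-week and month names in the `last` output do not sort as text, so they have to be mapped to numbers first.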
# 13  
Old 02-19-2012
Try the command pinky; you don't need a script for such a job.
# 14  
Old 02-19-2012
Quote:
Originally Posted by yoginder00
Try the command pinky; you don't need a script for such a job.
I need a script. If you can help, I'd appreciate it!