login audit bash script


 
# 15  
Old 02-19-2012
Yes, sorting the output would have been disaster!

You can try adding a sort after the grep in the pipeline. This will sort based on the start login time and write the most recent events first. In addition, add an exit after you print the first bit of data. This will allow any 'still logged in' records to be discarded, and will print the last complete session for the user.

Code:
grep "$user" "/tmp/$USER.wtmp" | sort -k 7rn,7 -k 4rM,4 -k 5rn,5 -k 6rn,6 | while read -r uname tty st_dow st_mon st_day st_time st_yr junk end_dow end_mon end_day end_time end_yr ttime host
do
    case $end_dow in
        crash|gone|down|still) ;;       # ignore those with missing info
        *)
            printf "\n"
            printf "       User:\t%s\n" "$uname"
            printf "      Start:\t%s %s %s %s\n" "$st_dow" "$st_mon" "$st_day" "$st_time"
            printf "        End:\t%s %s %s %s\n" "$end_dow" "$end_mon" "$end_day" "$end_time"
            printf "    Time On:\t%s\n" "$ttime"
            printf "Remote Host:\t%s\n" "${host:-localhost}"
            exit 0                      # stop after the first (most recent) complete session
        ;;
    esac
done

---------- Post updated at 13:29 ---------- Previous update was at 13:26 ----------

I forgot to mention that you might want to tighten up the sort a bit. It sorts based on year, month, day and hour, but doesn't take into account minutes, so if a user logged in and out twice in the same hour, you might not get the most recent one.
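One way to tighten the sort as described above (an added example, not part of the original post): the time key compares the whole zero-padded HH:MM:SS string instead of only the leading hour. The function name, sample records and host names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `last -F -a` layout; two sessions start in hour 17.
sample_wtmp() {
cat <<'EOF'
myusername pts/9 Wed Aug 3 16:52:44 2011 - Wed Aug 3 17:23:50 2011 (00:31) host-a.example
myusername pts/2 Wed Aug 3 17:24:11 2011 - Wed Aug 3 17:30:46 2011 (00:06) host-a.example
myusername pts/2 Wed Aug 3 17:30:55 2011 - Wed Aug 3 19:07:25 2011 (01:36) host-a.example
myusername pts/3 Wed Aug 3 19:10:02 2011   still logged in   host-a.example
otheruser pts/4 Wed Aug 3 18:00:00 2011 - Wed Aug 3 18:05:00 2011 (00:05) host-b.example
EOF
}

# last_complete_session USER (hypothetical helper)
# Reads `last -F -a` lines on stdin and prints start, end, duration and
# remote host of the newest session that has a recorded end time.
last_complete_session() {
    # Exact match on the user field; a finished session has "-" in
    # field 8 and the "(HH:MM)" duration in field 14, which drops
    # "still logged in", crash and down records.
    awk -v u="$1" '$1 == u && $8 == "-" && $14 ~ /^[(].*[)]$/' |
    # Newest first: year, month, day, then the full time string.
    # With "-k 6rn,6" only the hour is compared, and the order of the
    # two hour-17 sessions is left to sort's tie-breaking.
    LC_ALL=C sort -k 7rn,7 -k 4rM,4 -k 5rn,5 -k 6br,6 |
    awk 'NR == 1 {
        print $4, $5, $6, $7, "->", $10, $11, $12, $13, $14,
              ($15 == "" ? "localhost" : $15)
    }'
}

# Usage: sample_wtmp | last_complete_session myusername
```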
# 16  
Old 02-19-2012
I really appreciate your help. I changed the script so I can handle it with my own knowledge. Your script is very professional and I didn't understand the whole script. I attached the part that I did on my own here; however, I need to calculate the TIME ON as well. I would like to use "bc". Could you help me with that too?
Code:
leng=`expr length "$username"`
# if username length is more than 8 characters, use only the first 8.
if [ "$leng" -gt 8 ]; then
    new_username=$(echo "$username" | cut -c 1-8)
else
    new_username=$username
fi
ls /var/log/wtmp*bz2 | while read -r file    # for each wtmp file
do
    bunzip2 -dc "$file" >"$tfile"    # uncompress writing output to tmp file
    last -F -a -f "$tfile"           # run last on it
done >"$big_file"                    # save all output from last in one file

last -F -a >>"$big_file"             # append formatted output from current wtmp

rm "$tfile"                          # tmp file not needed

# egrep reads the named file, so nothing needs to be piped into it
egrep "$new_username" "/tmp/tst/$USER.wtmp" > /tmp/tst/mytst

# The Start Date Calculation
st_dat=$(cat /tmp/tst/mytst | head -1 | cut -c 27-32)
st_dat1=$(cat /tmp/tst/mytst | head -1 | cut -c 43-46)
st_dat2=$(echo $st_dat", "$st_dat1)
echo "Start Date:    $st_dat2"    # THIS IS THE START DATE OUTPUT
# The End Date Calculation
end_dat=$(cat /tmp/tst/mytst | tail -1 | cut -c 53-59)
end_dat1=$(cat /tmp/tst/mytst | tail -1 | cut -c 70-75)
end_dat2=$(echo $end_dat", "$end_dat1)
echo "End Date:    $end_dat2"    # THIS IS THE END DATE OUTPUT

---------- Post updated at 04:41 PM ---------- Previous update was at 04:38 PM ----------

This is a sample of my output in a txt file that I need to calculate the TIME ON from:
Quote:
myusername pts/0 Thu Jun 9 13:38:50 2011 - Thu Jun 9 14:50:32 2011 (01:11) 142.204.248.97
myusername pts/0 Tue Jul 12 00:55:54 2011 - Tue Jul 12 01:09:52 2011 (00:13) cpe78cd8e665c10-cm78cd8e665c0d.cpe.net.c
myusername pts/0 Sat Jul 9 00:11:08 2011 - Sat Jul 9 02:17:10 2011 (02:06) bas2-toronto61-2925079982.dsl.bell.ca
myusername pts/0 Fri Jul 29 10:05:30 2011 - Fri Jul 29 11:44:10 2011 (01:38) 142.204.104.18
myusername pts/2 Wed Aug 3 17:30:55 2011 - Wed Aug 3 19:07:25 2011 (01:36) bas2-toronto61-2925081326.dsl.bell.ca
myusername pts/2 Wed Aug 3 17:24:11 2011 - Wed Aug 3 17:30:46 2011 (00:06) bas2-toronto61-2925081326.dsl.bell.ca
myusername pts/9 Wed Aug 3 16:52:44 2011 - Wed Aug 3 17:23:50 2011 (00:31) bas2-toronto61-2925081326.dsl.bell.ca
myusername pts/7 Wed Aug 3 16:50:25 2011 - Wed Aug 3 17:23:56 2011 (00:33) bas2-toronto61-2925081326.dsl.bell.ca
myusername pts/4 Wed Aug 3 10:59:13 2011 - Wed Aug 3 11:37:14 2011 (00:38) 142.204.248.97
myusername pts/1 Wed Aug 3 10:52:23 2011 - Wed Aug 3 11:37:06 2011 (00:44) 142.204.248.97
# 17  
Old 02-19-2012
The time on is the value in parens. In the example below, the user was logged in just over an hour:

Code:
myusername pts/0 Thu Jun 9 13:38:50 2011 - Thu Jun 9 14:50:32 2011 (01:11) 142.204.248.97

I don't think you need to compute anything, unless you need to sum the total time over all entries.

A couple of pointers:
You don't need to cat files into most commands. Certainly not head, grep and the like. You can use this form:

Code:
st_dat1=$(head -1 /tmp/tst/mytst | cut -c 43-46)

Head reads from the file named on the command line, so cat and pipe are unnecessary.

To 'join' the values of two variables together, you don't need echo:
Code:
st_dat2="$st_dat, $st_dat1"
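For the case mentioned above where the total time over all entries is needed, the following added example (not part of the original post) sums the parenthesised duration column of `last -F -a` output with awk rather than bc. The function names and sample records are constructed; it also handles the `(D+HH:MM)` form that `last` prints for sessions longer than a day.

```shell
#!/bin/sh
# Constructed sample records in `last -F -a` layout.
sample_sessions() {
cat <<'EOF'
myusername pts/0 Thu Jun 9 13:38:50 2011 - Thu Jun 9 14:50:32 2011 (01:11) 192.0.2.10
myusername pts/0 Tue Jul 12 00:55:54 2011 - Tue Jul 12 01:09:52 2011 (00:13) host.example
myusername pts/1 Mon Aug 1 09:00:00 2011 - Tue Aug 2 11:30:00 2011 (1+02:30) host.example
myusername pts/2 Wed Aug 3 17:24:11 2011 - crash (00:06) host.example
myusername pts/3 Wed Aug 3 19:10:02 2011   still logged in   host.example
EOF
}

# total_minutes (hypothetical helper): read records on stdin and print
# the summed "Time On" of sessions that have a real end timestamp.
total_minutes() {
    awk '
    # Field 8 is "-" and field 14 is (HH:MM) or (D+HH:MM) only for
    # sessions with a logout record; crash, down and still-logged-in
    # lines put other text there and are skipped.
    $8 == "-" && $14 ~ /^[(]([0-9]+[+])?[0-9]+:[0-9]+[)]$/ {
        d = $14
        gsub(/[()]/, "", d)
        days = 0
        if ((p = index(d, "+")) > 0) {      # split off the day count
            days = substr(d, 1, p - 1)
            d = substr(d, p + 1)
        }
        split(d, hm, ":")
        total += days * 1440 + hm[1] * 60 + hm[2]
    }
    END { print total + 0 }'
}

# format_minutes N: render N minutes as D+HH:MM, the layout last uses.
format_minutes() {
    awk -v m="$1" 'BEGIN {
        printf "%d+%02d:%02d\n", int(m / 1440), int(m % 1440 / 60), m % 60
    }'
}

# Usage: format_minutes "$(sample_sessions | total_minutes)"
```

The duration column is truncated to whole minutes per session, so the total can undercount by up to a minute for each record.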

# 18  
Old 02-19-2012
Thanks very much. I fixed them. Very insightful points. I am learning...
Yes, I need to add up my time and get a total. I posted my question here:
https://www.unix.com/shell-programmin...-bash-how.html