  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 415

Check shell login by ip

I need to make a small bash script that checks shell logins from the last N days and tells me if a certain IP address has been connected to my machine in that period of time.

The script would have 2 arguments:
- argument1 - the past number of days you want to check. That means look at today's date minus argument1 days.

- argument2 - the IP address that may or may not have connected to the shell in that period of time.

E.g: check.sh 5 192.168.1.5 would tell me if 192.168.1.5 has been connected to the shell in the last 5 days
0
Asked by: LAME-ER
1 Solution
 
MikeOM_DBA Commented:
You can find that information using the 'last' command (man last).
 
 
 
 
0
 
Monis Monther (System Architect) Commented:
Hi there

Exactly, you have the last command; just do

last | grep 192.168.x.y
or any IP, as the output might scroll down a few pages
0
 
woolmilkporc Commented:
Note -
last alone will display hostnames, where possible.

To search for IP numbers only, as you requested, you should use the -i flag of last,
so it displays the IP number in numbers-and-dots notation instead of the hostname.
last -i | grep [IP]
 wmp
0
woolmilkporc Commented:
Now for the "last N days" stuff - check this:
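#!/bin/bash
# -w -F: match the IP as a literal whole word (dots are not regex wildcards)
last -i | grep -wF -- "$2" | while read -r line
  do
    # login date (month and day in columns 5 and 6) as days since the epoch
    let days=$(echo "$line" | date -d "$(awk '{print $5, $6}')" +"%s")/86400
    # first day of the window, also as days since the epoch
    let start=$(date +"%s")/86400-\(${1}+1\)
    [ "$days" -ge "$start" ] && echo "$line"
  done
exit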
Remarks -
1) the script expects month and day in columns 5 and 6, respectively. In some systems it's columns 4 and 5. Please adjust, if necessary.
2) some systems do not support the -i flag. In this case, you'll have to take it away and search for hostnames, unfortunately.
3) you need GNU date
4) I had not much time to make it really "elegant" - sorry for that.
Have fun
wmp
0
 
woolmilkporc Commented:
... OK, take the "let start=" line out of the loop (put it just after the "#!/bin/bash" line). It's nonsense to have that statement inside the loop.
0
 
woolmilkporc Commented:
A corrected version to handle the year shift in a (nearly) consistent manner. There is probably a blur with leap years, however.
#!/bin/bash
let today=$(date +"%s")/86400
let start=$today-\(${1}+1\)
# -w -F: match the IP as a literal whole word (dots are not regex wildcards)
last -i | grep -wF -- "$2" | while read -r line
 do
  let days=$(echo "$line" | date -d "$(awk '{print $5, $6}')" +"%s")/86400
  # last prints no year: a date in the future is taken to be from last year
  [ "$days" -gt "$today" ] && let days=days-365
  [ "$days" -ge "$start" ] && echo "$line"
 done
exit
0
 
MikeOM_DBA Commented:
@woolmilkporc:
Unfortunately your script ignores sessions later than 'N' days which are still logged in.
 
 
0
 
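woolmilkporc Commented:
OK, you got me. Yet another line to modify -
#!/bin/bash
let today=$(date +"%s")/86400
let start=$today-\(${1}+1\)
# -w -F: match the IP as a literal whole word (dots are not regex wildcards)
last -i | grep -wF -- "$2" | while read -r line
 do
  let days=$(echo "$line" | date -d "$(awk '{print $5, $6}')" +"%s")/86400
  # last prints no year: a date in the future is taken to be from last year
  [ "$days" -gt "$today" ] && let days=days-365
  # keep sessions inside the window, plus any that are still open
  [ "$days" -ge "$start" -o "$(echo "$line" | grep -ic "still logged in")" -gt 0 ] && echo "$line"
 done
exit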
 Waiting for next bug report ...
(Don't mention those leap years! And yes, very old sessions are a problem)
 
0
 
LAME-ER (Author) Commented:
Thank you for your solution and sorry about the delay! This really helped me a lot! Much appreciated!
0
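
A variant of the scripts in this thread, as an added example that is not from any of the posters: it assumes util-linux last (for --time-format iso, which prints the year, so the year-shift and leap-year guesses go away) and GNU date, compares the IP as an exact field, and exits 0 only when a matching session is found. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not code from the thread.
# Assumes util-linux `last` (--time-format iso) and GNU date (-d).

# filter_logins CUTOFF IP   (hypothetical helper name)
# Reads `last -i --time-format iso` output on stdin. Prints sessions from IP
# that started on or after CUTOFF (YYYY-MM-DD) or are still logged in.
# Returns 0 if at least one session was printed, 1 otherwise.
filter_logins() {
  awk -v cutoff="$1" -v ip="$2" '
    $3 == ip {                       # exact field match: .5 never matches .50
      login = substr($4, 1, 10)      # date part of the ISO login timestamp
      # ISO dates sort as strings, so no epoch maths and no year guessing
      if (login >= cutoff || /still logged in/) { print; found = 1 }
    }
    END { exit !found }'
}

# check_ip DAYS IP: the check.sh interface from the question.
check_ip() {
  case $1 in
    ''|*[!0-9]*) echo "usage: check.sh DAYS IP" >&2; return 2 ;;
  esac
  [ -n "$2" ] || { echo "usage: check.sh DAYS IP" >&2; return 2; }
  cutoff=$(date -d "$1 days ago" +%F) || return 2
  last -i --time-format iso | filter_logins "$cutoff" "$2"
}

# Constructed sample of `last -i --time-format iso` output (not real data).
sample_last_output() {
  cat <<'EOF'
alice    pts/0        192.168.1.5      2024-03-10T09:00:00+00:00 - 2024-03-10T10:00:00+00:00  (01:00)
bob      pts/1        192.168.1.50     2024-03-11T09:00:00+00:00 - 2024-03-11T10:00:00+00:00  (01:00)
alice    pts/2        192.168.1.5      2024-01-02T09:00:00+00:00   still logged in
alice    pts/3        192.168.1.5      2023-12-30T09:00:00+00:00 - 2023-12-30T10:00:00+00:00  (01:00)
EOF
}

# Run only when arguments are given, e.g.: ./check.sh 5 192.168.1.5
[ "$#" -eq 0 ] || check_ip "$@"
```

The exit status makes it usable in a condition, e.g. check.sh 5 192.168.1.5 >/dev/null && echo "seen". Note that wtmp is rotated on most systems, so last only covers the period since the last rotation.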