Solved

Linux / lastb: Return count of bad logins JSON format

Posted on 2013-11-18
Last Modified: 2013-11-21
I use lastb to view all invalid logins.

How can I get a total count of the number of bad logins during the past 60 minutes?

I want the results in this format:

{
"BadLoginsPastHour":147
}

Question by:hankknight

Expert Comment

by:jb1dev
ID: 39658138
The tricky part here is you have to parse the dates in the lastb output, then compare against current time minus one hour.

Try this:

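#!/bin/bash

# Current time and the cutoff (one hour ago), both in epoch seconds.
DATE=`date +%s`
ONE_HOUR=`expr 60 \* 60`
ONE_HOUR_AGO=`expr $DATE - $ONE_HOUR`

# Returns 0 (success) if the epoch time in $1 is later than one hour ago.
isInLastHour() {
    if [ "$1" -gt "$ONE_HOUR_AGO" ]; then
        return 0
    fi
    return 1
}

count=0
# Split command output on newlines only, so each date string stays in one piece.
IFS=$'\n'
# Field 2 of the '-' split is the second timestamp on each line plus the
# duration; the sed calls strip the duration and the leading space.
for date in `lastb -F | grep -v "btmp begins" | cut -d '-' -f 2 | sed 's/  (.*//' | sed 's/^ //'`; do
    LOGINDATE=`date -d "$date" +%s`
    if isInLastHour "$LOGINDATE"; then
        count=`expr $count + 1`
    fi
done

echo { \"BadLoginsPastHour\": $count }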

EDIT escape quotes so they appear in json output.

Author Comment

by:hankknight
ID: 39665823
I get an error:
invalid option -- F

Expert Comment

by:jb1dev
ID: 39667159
Does your version of lastb not support the -F option?

Can you paste the output of the following commands?
"lastb"
"lastb -F"

For example

exch@exch:~$ lastb
UNKNOWN  pts/12       localhost        Wed Nov 20 12:57 - 12:57  (00:00)    
UNKNOWN  pts/9        localhost        Mon Nov 18 17:01 - 17:01  (00:00)    
exch     pts/9        localhost        Mon Nov 18 17:01 - 17:01  (00:00)    
exch     pts/9        localhost        Mon Nov 18 16:50 - 16:50  (00:00)    
...


exch@exch:~$ lastb -F
UNKNOWN  pts/12       localhost        Wed Nov 20 12:57:09 2013 - Wed Nov 20 12:57:09 2013  (00:00)    
UNKNOWN  pts/9        localhost        Mon Nov 18 17:01:45 2013 - Mon Nov 18 17:01:45 2013  (00:00)    
exch     pts/9        localhost        Mon Nov 18 17:01:41 2013 - Mon Nov 18 17:01:41 2013  (00:00)    
exch     pts/9        localhost        Mon Nov 18 16:50:45 2013 - Mon Nov 18 16:50:45 2013  (00:00)    

On my system, "lastb -F" includes the full date.
Without the -F option I am unclear on how lastb handles dates over a year in the past.

I will look into providing a solution that does not use the -F option.

Accepted Solution

by:
jb1dev earned 500 total points
ID: 39667175
This should work if your version of lastb does not support the -F option.

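#!/bin/bash

# Current time and the cutoff (one hour ago), both in epoch seconds.
DATE=`date +%s`
ONE_HOUR=`expr 60 \* 60`
ONE_HOUR_AGO=`expr $DATE - $ONE_HOUR`

# Returns 0 (success) if the epoch time in $1 is later than one hour ago.
isInLastHour() {
    if [ "$1" -gt "$ONE_HOUR_AGO" ]; then
        return 0
    fi
    return 1
}

count=0
# Split command output on newlines only, so each date string stays in one piece.
IFS=$'\n'
# Keep the text before the first '-', then everything from column 40 on,
# which is the login time (printed without a year when -F is not used).
for date in `lastb | grep -v "btmp begins" | cut -d '-' -f 1 | cut -c 40- | sed 's/  (.*//' | sed 's/^ //'`; do
    LOGINDATE=`date -d "$date" +%s`
    if isInLastHour "$LOGINDATE"; then
        count=`expr $count + 1`
    fi
done

echo { \"BadLoginsPastHour\": $count }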

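Added example, not part of the thread or of jb1dev's scripts: one function that accepts both lastb layouts shown above, finds the first timestamp by pattern instead of by '-' position or column number, and, for the layout without a year, uses the weekday to reject entries that belong to another year. The function names and the sample lines are constructed for this example, and it assumes GNU date and a grep that supports -o.

```bash
#!/bin/bash
# Added example, not code from the thread. Needs GNU date and grep -o.

# to_epoch LINE NOW: print the epoch of the first timestamp on a lastb line.
to_epoch() {
    local now=$2 stamp wday mon day hms year guess out
    stamp=$(printf '%s\n' "$1" | grep -oE \
        '[A-Z][a-z]{2} [A-Z][a-z]{2} +[0-9]{1,2} [0-9]{2}:[0-9]{2}(:[0-9]{2} [0-9]{4})?' |
        head -n 1)
    [ -n "$stamp" ] || return 1
    set -- $stamp    # splits into: weekday month day time [year]
    wday=$1 mon=$2 day=$3 hms=$4 year=${5:-}
    if [ -z "$year" ]; then
        # No -F, so no year on the line: assume NOW's year, or the year before
        # if that would be in the future (December entry read in January).
        year=$(date -d "@$now" +%Y)
        guess=$(date -d "$day $mon $year $hms" +%s) || return 1
        if [ "$guess" -gt "$now" ]; then year=$((year - 1)); fi
    fi
    out=$(LC_ALL=C date -d "$day $mon $year $hms" '+%a %s') || return 1
    # A weekday mismatch means the assumed year is wrong (older entry): skip it.
    [ "${out%% *}" = "$wday" ] || return 1
    echo "${out#* }"
}

# bad_logins_json NOW WINDOW_SECONDS: read lastb output on stdin, print JSON.
bad_logins_json() {
    local now=$1 cutoff=$(($1 - $2)) count=0 line ts
    while IFS= read -r line; do
        case $line in ''|'btmp begins'*) continue ;; esac
        ts=$(to_epoch "$line" "$now") || continue
        # Count entries inside the window; ignore anything dated after NOW.
        if [ "$ts" -gt "$cutoff" ] && [ "$ts" -le "$now" ]; then
            count=$((count + 1))
        fi
    done
    printf '{"BadLoginsPastHour":%d}\n' "$count"
}

# Constructed sample input ("lastb -F" layout); one host name contains a '-'.
SAMPLE_F='exch     pts/9        build-01.lan     Wed Nov 20 12:57:09 2013 - Wed Nov 20 12:57:09 2013  (00:00)
UNKNOWN  pts/12       localhost        Wed Nov 20 12:10:00 2013 - Wed Nov 20 12:10:00 2013  (00:00)
exch     pts/9        localhost        Mon Nov 18 17:01:45 2013 - Mon Nov 18 17:01:45 2013  (00:00)
btmp begins Mon Nov 18 16:50:45 2013'
# Constructed sample without -F; the "Tue" line is from a year earlier.
SAMPLE='exch     pts/9        build-01.lan     Wed Nov 20 12:57 - 12:57  (00:00)
exch     pts/9        localhost        Tue Nov 20 12:30 - 12:30  (00:00)
UNKNOWN  pts/12       localhost        Wed Nov 20 11:59 - 11:59  (00:00)'
```

On a live host the call is `lastb -F | bad_logins_json "$(date +%s)" 3600` (or plain `lastb` where -F is not supported); reading btmp normally requires root.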
