Fix for different log output and missing different cut flow in function

Clemens Schwaighofer
2022-11-21 18:29:47 +09:00
parent 16e6b98399
commit aa0594e17f


@@ -29,14 +29,19 @@ function parseLog()
line="${1}";
auth_log="${2}";
start_year="${3}";
debug="${4}";
logger="${4}";
debug="${5}";
# echo "L: $line";
auth_date=$(echo "${line}" | cut -c 1-6)" ${start_year} "$(echo "${line}" | cut -c 8-15);
auth_date=$(echo "${auth_date}" | date +"%F %T" -f -);
# auth user has . at the end, remove that one
auth_user=$(echo "${line}" | cut -d "]" -f 2 | cut -d " " -f 7 | cut -d "." -f 1);
if [ "${logger}" = "systemd" ]; then
auth_user=$(echo "${line}" | cut -d "]" -f 2 | cut -d " " -f 7 | cut -d "." -f 1);
else
auth_user=$(echo "${line}" | cut -d ")" -f 2 | cut -d " " -f 6 | cut -d "(" -f 1);
fi;
# echo -n "USER: $auth_user | DATE: $auth_date";
@@ -78,7 +83,7 @@ if [ -z "${init_version##*systemd*}" ]; then
# " of user <username>"
# we want date + time + username
# prefix year with start date year
parseLog "${line}" "${AUTH_LOG}" "${START_YEAR}" 0;
parseLog "${line}" "${AUTH_LOG}" "${START_YEAR}" "${LOG_TARGET}" 0;
done;
else
LOG_TARGET="syslog";
@@ -86,20 +91,20 @@ else
if [ $RUN_FULL_LOG -eq 1 ]; then
# we loop over EACH file and get the DATE so we can have the correct YEAR
for sfile in $(ls -1 /var/log/secure*bz2); do
tz=$(stat -c %z "${sfile}");
tz=$(stat -c %Z "${sfile}");
START_YEAR=$(date +%Y -d @${tz});
bunzip2 -ck "${sfile}" | grep ": session opened for user" |
bunzip2 -ck "${sfile}" | grep ": session opened for user" | grep " by (uid=0)" |
while read line; do
parseLog "${line}" "${AUTH_LOG}" "${START_YEAR}" 0;
parseLog "${line}" "${AUTH_LOG}" "${START_YEAR}" "${LOG_TARGET}" 0;
done;
done;
# read all
START_DATE="sshd"
fi;
START_YEAR=$(date +%Y -d "1 day ago");
cat /var/log/secure | grep "${START_DATE}" | grep ": session opened for user" |
cat /var/log/secure | grep "${START_DATE}" | grep ": session opened for user" | grep " by (uid=0)" |
while read line; do
parseLog "${line}" "${AUTH_LOG}" "${START_YEAR}" 0;
parseLog "${line}" "${AUTH_LOG}" "${START_YEAR}" "${LOG_TARGET}" 0;
done;
fi;
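Review bot: The archive loop over `/var/log/secure*bz2` filters only on `": session opened for user"` and `" by (uid=0)"`, while the live `/var/log/secure` pipeline below it is also narrowed by `START_DATE`, which is set to `sshd` in full-log mode. Any other PAM service that writes `session opened for user … by (uid=0)` to the rotated files (cron, for example) would therefore reach `parseLog` and be recorded like a login, assuming the report is meant to cover sshd sessions only. Adding the same filter keeps the two paths consistent: `bunzip2 -ck "${sfile}" | grep "sshd" | grep ": session opened for user" | grep " by (uid=0)" |`. It would also be worth having `parseLog` skip a line when the `cut` chain leaves `auth_user` empty; the rest of that function is outside the hunk, so it is not visible whether this is already checked.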