A script that analyze the log files /var/log/auth.log*, /var/log/secure*, utmp/wtmp for illegal break-in attempts and writes all output to text file.
- Analyze logs from:
- /var/log/auth.log*
- /var/log/secure*
- /var/log/wtmp
- /var/run/utmp
- Script tested on Ubuntu 20.04.
- Copy break-in_analyzer your host machine
- Give execution permission by running
chmod +x breakins_analyzer.sh - Then run the script as below:
$ ./breakins_analyzer.sh
- Specify with logs to be analyzed e.g. auth, secure, utmp or wtmp
- Specify FULL path of the logs location together with wildcard symbol (if you analyzing more than 1 logs) e.g.
/home/user/var_logs/auth* - Wait until it finished analyzing the logs
- The result with be shown on the terminal & written into
outputfolder together with file named:- auth_output.log
- secure_output.log
- utmp_output.log
- wtmp_output.log
- 1.0 (15 Oct 2021): First version of the script.
- 1.1 (17 Oct 2021): Refined few search pattern.
- 1.2 (18 Oct 2021): Add save output/result into txt file.
- Adding more file to be analyzed
MIT License. Copyright (c) 2021 Mohd Khairulazam. See License.