Recently used SSH logins
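#!/bin/bash
#
# Report, for every SSH public key that was accepted by sshd, the most recent
# login recorded in /var/log/auth.log and its rotated copies.
#
# Output per key: the key's signature as logged (last field of the log line),
# the timestamp, the account that was logged into and the source address.
#
# Log files the current user cannot read are skipped silently, so run this
# with an account that is allowed to read /var/log/auth.log*.

# Map: key signature -> "timestamp, User: <user>, From: <address>" of the
# latest accepted login seen for that key.
declare -A public_keys

#######################################
# Decide whether a log line is an sshd "Accepted publickey" record and, if so,
# split it into its parts.
#
# The match is anchored at the start of the line (timestamp, host, program
# tag) rather than searching for the words anywhere in the line: parts of
# auth.log, such as the user name of a failed login, are chosen by the remote
# client, so a substring match could be satisfied by text an outsider supplied.
#
# Globals:   parsed_timestamp, parsed_user, parsed_ip, parsed_signature (written)
# Arguments: $1 - one line of auth.log
# Returns:   0 if the line was parsed, 1 otherwise
#######################################
parse_accepted_publickey() {
  local line=$1
  # Timestamp is either traditional syslog ("Jun  1 23:48:00") or ISO 8601
  # ("2023-06-01T23:48:00+00:00"). The program tag is "sshd" or, with the
  # split sshd of newer OpenSSH releases, "sshd-session".
  local re='^([A-Z][a-z]{2} +[0-9]+ [0-9:]+|[0-9]{4}-[0-9]{2}-[0-9]{2}T[^ ]+) [^ ]+ sshd(-session)?\[[0-9]+\]: Accepted publickey for ([^ ]+) from ([^ ]+) port [0-9]+ (.*)$'
  local -a ts_parts
  local rest

  [[ $line =~ $re ]] || return 1

  # Collapse the padding syslog puts before single-digit days.
  read -r -a ts_parts <<< "${BASH_REMATCH[1]}"
  parsed_timestamp="${ts_parts[*]}"
  parsed_user=${BASH_REMATCH[3]}
  parsed_ip=${BASH_REMATCH[4]}

  # The signature is the last whitespace-separated field of the line.
  # NOTE(review): for certificate logins the last field is presumably the CA
  # key's fingerprint rather than the user key's - confirm before relying on it.
  rest=${BASH_REMATCH[5]}
  parsed_signature=${rest##* }

  # An empty string cannot be used as an associative-array subscript.
  [[ -n "$parsed_signature" ]] || return 1
  return 0
}

#######################################
# Write the text of a log file to stdout, decompressing rotated *.gz copies.
# Arguments: $1 - path of the log file
#######################################
read_log() {
  case "$1" in
    *.gz) gzip -dc -- "$1" ;;
    *) cat -- "$1" ;;
  esac
}

main() {
  local -a ordered=()
  local file line key i

  # Sort the readable log files oldest first (insertion sort on modification
  # time). The glob alone yields auth.log before auth.log.1, i.e. newest
  # first, which would let older entries overwrite newer ones and report the
  # oldest login as "Last Used".
  # Assumes the modification time reflects the age of the log, which holds
  # for rotated files that were not copied or touched afterwards.
  for file in /var/log/auth.log*; do
    [[ -r "$file" ]] || continue
    i=${#ordered[@]}
    while (( i > 0 )) && [[ "${ordered[i-1]}" -nt "$file" ]]; do
      ordered[i]=${ordered[i-1]}
      i=$(( i - 1 ))
    done
    ordered[i]=$file
  done

  # Within a file the lines are chronological, so a later match for the same
  # key replaces the earlier one.
  for file in "${ordered[@]}"; do
    while IFS= read -r line || [[ -n "$line" ]]; do
      if parse_accepted_publickey "$line"; then
        public_keys["$parsed_signature"]="$parsed_timestamp, User: $parsed_user, From: $parsed_ip"
      fi
    done < <(read_log "$file")
  done

  # Output unique public key signatures with the last usage timestamp, user
  # and source address. Iteration order of the map is unspecified.
  for key in "${!public_keys[@]}"; do
    printf '%s\n' "Public Key Signature: $key"
    printf '%s\n' "Last Used: ${public_keys[$key]}"
    printf '%s\n' "---------------------------------------"
  done
}

main "$@"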