update cminfo netstat command in 123.09beta01
- Update cminfo netstat command to list more details for failed SSHD logins for top, last 24hrs, last 3hrs and last 1hr IP listing
centminmod committed Feb 7, 2021
1 parent 2fb1360 commit f0f1571
Showing 2 changed files with 17 additions and 1 deletion.
2 changes: 1 addition & 1 deletion centmin.sh
@@ -27,7 +27,7 @@ DT=$(date +"%d%m%y-%H%M%S")
branchname='123.09beta01'
SCRIPT_MAJORVER='1.2.3'
SCRIPT_MINORVER='09'
SCRIPT_INCREMENTVER='648'
SCRIPT_INCREMENTVER='649'
SCRIPT_VERSIONSHORT="${branchname}"
SCRIPT_VERSION="${SCRIPT_VERSIONSHORT}.b${SCRIPT_INCREMENTVER}"
SCRIPT_DATE='03/03/2021'
16 changes: 16 additions & 0 deletions tools/cminfo.sh
@@ -683,6 +683,10 @@ netstat_info() {
csfdeny_sshlogins=$(grep 'Failed SSH login from' /etc/csf/csf.deny | grep -oP '(?<=\()[^\)]+' | awk -F "/" 'length($1)<=2 {print $1,$2,$3}' | sort | uniq -c | sort -rn | head -n10 | column -t)
echo "$csfdeny_sshlogins"

echo -e "\nTop CSF Firewall Failed SSH Logins IPs:"
csfdeny_sshlogins=$(grep 'Failed SSH login from' /etc/csf/csf.deny | awk '{print $1}' | sort | uniq -c | sort -rn | head -n10 | column -t)
echo "$csfdeny_sshlogins"

echo -e "\nLast 24hrs Top CSF Firewall Denied Country Codes:"
csfdeny_country=$(grep "$(date -d "1 day ago" +"%a %b %-d")" /etc/csf/csf.deny | grep -oP '(?<=\()[^\)]+' | awk -F "/" 'length($1)<=2 {print $1}' | sort | uniq -c | sort -rn | head -n10 | column -t)
echo "$csfdeny_country"
@@ -699,6 +703,18 @@ netstat_info() {
csfdeny_sshlogins=$(grep 'Failed SSH login from' /etc/csf/csf.deny | grep "$(date -d "1 day ago" +"%a %b %-d")" | grep -oP '(?<=\()[^\)]+' | awk -F "/" 'length($1)<=2 {print $1,$2,$3}' | sort | uniq -c | sort -rn | head -n10 | column -t)
echo "$csfdeny_sshlogins"

echo -e "\nLast 24hrs Top CSF Firewall Failed SSH Logins IPs:"
csfdeny_sshlogins=$(grep 'Failed SSH login from' /etc/csf/csf.deny | grep "$(date -d "1 day ago" +"%a %b %-d")" | awk '{print $1}' | sort | uniq -c | sort -rn | head -n10 | column -t)
echo "$csfdeny_sshlogins"

echo -e "\nLast 3hrs Top CSF Firewall Failed SSH Logins IPs:"
csfdeny_sshlogins=$(grep 'Failed SSH login from' /etc/csf/csf.deny | egrep "$(date -d "1 hour ago" +"%a %b %-d %H")|$(date -d "2 hour ago" +"%a %b %-d %H")|$(date -d "3 hour ago" +"%a %b %-d %H")" | awk '{print $1}' | sort | uniq -c | sort -rn | head -n10 | column -t)
echo "$csfdeny_sshlogins"

echo -e "\nLast 1hr Top CSF Firewall Failed SSH Logins IPs:"
csfdeny_sshlogins=$(grep 'Failed SSH login from' /etc/csf/csf.deny | grep "$(date -d "1 hour ago" +"%a %b %-d")" | awk '{print $1}' | sort | uniq -c | sort -rn | head -n10 | column -t)
echo "$csfdeny_sshlogins"

# STARTD=$(date -d "1440 mins ago" +"%a %b %-d %H:%M")
# ENDD=$(date +"%a %b %-d %H:%M")
fi
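Review bot: The new "Last 1hr" listing (second hunk, the last added `csfdeny_sshlogins=` line) filters on `date -d "1 hour ago" +"%a %b %-d"`, which has no hour field, so it matches every failed-SSH entry from that calendar day rather than a single hour. The 3hrs line just above it does include `%H`; the 1hr filter should match it, e.g. `grep "$(date -d "1 hour ago" +"%a %b %-d %H")"`, otherwise the ranking an operator uses to triage an ongoing brute-force run overstates the window. Both hour-based patterns also look like they skip the current clock hour, since they start at "1 hour ago"; adding `$(date +"%a %b %-d %H")` to the alternation would cover it if that is the intent. `egrep` on the 3hrs line is deprecated in GNU grep in favour of `grep -E`. netstat_info() begins and ends outside these hunks.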
