#!/bin/bash
# 
# Logs unauthorized login attempts, based on records from /var/log/auth.log
# 
# Gabriel 
# arcade
#
# Tue May 26 01:06:55 EDT 2020

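# Reading the auth log and querying fail2ban both need root privileges.
me=$(id -u)

if [ "$me" -ne 0 ]; then
    echo "I need to be root" >&2
    exit 201
fi

AUTHFILE="/var/log/auth.log"
OUTFILE="/home/pi/Attack_Attempts.txt"

# Fail loudly instead of producing a report that shows zero attempts only
# because the log could not be read (e.g. a journald-only system).
if [ ! -r "$AUTHFILE" ]; then
    echo "Cannot read ${AUTHFILE}" >&2
    exit 1
fi

#######################################
# Print one line per failed SSH authentication recorded in AUTHFILE.
# Globals:   AUTHFILE (read)
# Arguments: $1 - "user" to list failures against one named account,
#                 "invalid" to list failures against names sshd reported
#                 as "invalid user"
#            $2 - account name (only used when $1 is "user")
# Outputs:   "<month> <day> <time>, user:<name>, ip: <address>" on stdout
#######################################
failed_logins() {
    awk -v mode="$1" -v want="${2:-}" '
        {
            # Assumes the usual sshd wording
            #   Failed <method> for [invalid user] <name> from <ip> port ...
            # (confirm against your own auth.log). Fields are located by
            # content, not by fixed position: the name is supplied by the
            # remote client, so it may contain spaces or words such as
            # "root" or "from" that would shift or fake fixed columns.
            failed = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "Failed") { failed = i; break }
            }
            if (!failed || $(failed + 2) != "for") next

            # sshd appends "from <ip>" after the name, so the LAST "from"
            # on the line is the one that precedes the peer address.
            src = 0
            for (i = NF; i > failed + 2; i--) {
                if ($i == "from") { src = i; break }
            }
            if (!src) next

            unknown = ($(failed + 3) == "invalid" && $(failed + 4) == "user")
            first = unknown ? failed + 5 : failed + 3
            name = ""
            for (i = first; i < src; i++) {
                name = name (i > first ? " " : "") $i
            }

            keep = (mode == "invalid") ? unknown : (!unknown && name == want)
            if (keep) {
                print $1 " " $2 " " $3 ", user:" name ", ip: " $(src + 1)
            }
        }
    ' "$AUTHFILE"
}

# The report is assembled in a private temp file and only moved into place
# at the end. OUTFILE lives in a directory owned by an unprivileged account;
# redirecting to it directly as root would write through whatever that path
# currently points at (for example a symlink to another file).
tmpfile=$(mktemp) || exit 1
trap 'rm -f -- "$tmpfile"' EXIT

{
    printf '%s\n' "Unauthorized login attemps registered until $(date)"
    printf '%s\n' "---------------------"
    printf '%s\n' "As user pi:"
    printf '%s\n' "-----------"
    failed_logins user pi | nl

    printf '\n'
    printf '%s\n' "As user root:"
    printf '%s\n' "-----------"
    failed_logins user root | nl

    printf '\n'
    printf '%s\n' "As another user:"
    printf '%s\n' "----------------"
    failed_logins invalid | sort -k4 | nl

    printf '\n'
    printf '%s\n' "Currently Banned IPs (for 48h)"
    # command -v replaces `[ -x $(which ...) ]`: with the tool missing, the
    # unquoted substitution vanished and `[ -x ]` evaluated to true.
    if command -v fail2ban-client >/dev/null 2>&1; then
        # Take everything after "Jail list:"; the former cut -f3-10 kept
        # only the first eight jail names. sudo is not needed: already root.
        jail_list=$(fail2ban-client status \
            | sed -n 's/.*Jail list:[[:space:]]*//p' \
            | tr -d ',')
        read -r -a jails <<< "$jail_list"
        for jail in "${jails[@]}"; do
            fail2ban-client status "$jail"
        done
    fi
} > "$tmpfile"

# mktemp creates the file 0600; restore the mode a plain redirect would
# normally have produced so the account owner can still read the report.
# Tighten this if attempted usernames and source IPs should stay private.
chmod 0644 "$tmpfile"

# -T (GNU mv) treats OUTFILE as a plain name, never as a directory to move
# into, and replaces the directory entry instead of writing through it.
# NOTE(review): a root-owned directory (e.g. under /var/log) would be a
# safer destination than a user's home.
mv -f -T -- "$tmpfile" "$OUTFILE" || exit 1

echo "Report saved in ${OUTFILE}"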

