@eusonlito
Last active April 13, 2023 07:55
Add IP Location to auth.log entries
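#!/bin/bash
# Look up the geolocation of every IP that logged in as root over SSH
# and cache each response under $logs/<ip>.

echo -e "\nSTART: $(date "+%Y-%m-%d %H:%M:%S")\n\n"

logs="/root/logs/auth-log-ip-locate"

if [ ! -d "$logs" ]; then
    install -d "$logs"
fi

# Field 11 is the source address in "Accepted <method> for root from <ip> ..."
# lines when auth.log uses the traditional syslog timestamp format.
for ip in $(zgrep Accepted /var/log/auth.log* | grep 'for root' | awk '{print $11}' | sort -u); do
    log="$logs/$ip"

    # Already looked up: print the cached response and move on.
    if [ -f "$log" ]; then
        echo -e "$ip\n$(cat "$log")\n"
        continue
    fi

    # Primary lookup (this request goes over plain HTTP).
    response=$(curl --silent --fail --connect-timeout 5 --max-time 5 "http://ip-api.com/json/$ip" 2> /dev/null)

    # Fall back to a second service if the first returned nothing.
    if [ "$response" == "" ]; then
        response=$(curl --silent --fail --connect-timeout 5 --max-time 5 "https://ipapi.co/$ip/json/" 2> /dev/null)
    fi

    if [ "$response" != "" ]; then
        echo "$response" > "$log"
    fi

    if [ -f "$log" ]; then
        # Keep a second copy wrapped in a JSON array when jq is available.
        if [ -x /usr/bin/jq ]; then
            /usr/bin/jq -s '.' "$log" > "$log.json"
        fi

        echo -e "$ip\n$(cat "$log")\n"
    else
        echo -e "$ip\nNOT FOUND\n"
    fi

    # Pause between lookups to avoid hammering the lookup services.
    sleep 1
done

echo -e "\nEND: $(date "+%Y-%m-%d %H:%M:%S")\n"

exit 0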