@Juma7C9
Created October 5, 2013 19:27
Script to report the number of failed/succeeded ssh login attempts, and the most banned IPs by fail2ban. Paths are the ones used by CentOS 6; change them if you are using another distro. Usage: ./report.sh [day]
#!/bin/bash
# report.sh - Script to report number of ssh login attempts, and banned IPs by fail2ban.
# Copyright (C) 2013 Juma7C9
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
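# Day to report on: first argument (anything `date -d` accepts), default yesterday.
inputDate=${1:-yesterday}
# "%b %e" yields the syslog-style date prefix (e.g. "Oct  5"); "%F" is for display.
# Abort on an unparsable date: an empty $date would make grep match every line.
if ! date=$(date +"%b %e" -d "$inputDate") || ! dateFull=$(date +"%F" -d "$inputDate")
then
    echo "Usage: $0 [day]" >&2
    exit 1
fi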
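# Number of sshd "Failed password" lines for the day (current and rotated logs).
failedPasswordCount=$(cat /var/log/secure* | grep "$date" | grep sshd | grep 'Failed password' | wc -l)
# fail2ban "Ban <IP>" lines: the IP is the last field; count bans per IP, most banned first.
bannedIPsCount=$(cat /var/log/messages* | grep "$date" | grep Ban | awk '{print $(NF)}' | sort -n | uniq -c | sort -k1,1rn)
# Number of successful sshd logins for the day.
acceptedLogins=$(cat /var/log/secure* | grep "$date" | grep sshd | grep 'Accepted' | wc -l)
# Source IP of each accepted login is field 11 ("... Accepted <method> for <user> from <IP> ...").
acceptedIPs=$(cat /var/log/secure* | grep "$date" | grep sshd | grep Accepted | awk '{print $11}' | sort -n | uniq -c | sort -k1,1rn)
# Note: the IP list printed after the failed-login count is the fail2ban ban list.
echo "On day $dateFull there were $failedPasswordCount failed login attempts, from these IPs:"
echo "$bannedIPsCount"
echo "There also were $acceptedLogins accepted logins, from these IPs:"
echo "$acceptedIPs"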
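
The script above counts failed logins but lists fail2ban bans as their source; the following added example (not part of the original gist) counts "Failed password" source IPs directly from sshd lines. `failed_ips_for_day` and `sample_log` are hypothetical names, the log lines are constructed, and the line layout assumed is the `/var/log/secure` format the script already parses.

```bash
#!/bin/bash
# Added example, not from the original gist.
# Reads syslog lines on stdin, prints "<count> <ip>" for failed sshd passwords.
failed_ips_for_day() {
    local day="$1"   # syslog-style date as produced by: date +"%b %e"
    awk -v day="$day" '
        # Anchor the date at the start of the line: a plain grep "$date"
        # also matches a date-like string inside a client-chosen username.
        index($0, day " ") != 1 { next }
        $5 !~ /^sshd(\[[0-9]+\])?:$/ { next }
        !/Failed password for / { next }
        {
            # Take the field after the LAST "from": its position shifts for
            # "invalid user <name>", and <name> may itself contain
            # "from <ip>" to spoof the source in a fixed-field parser.
            ip = ""
            for (i = NF - 1; i > 5; i--)
                if ($i == "from") { ip = $(i + 1); break }
            if (ip != "") count[ip]++
        }
        END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | sort -k1,1rn -k2,2
}

# Constructed sample lines (documentation IP ranges), not real log data.
sample_log() {
cat <<'EOF'
Oct  5 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct  5 03:12:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct  5 03:13:10 host sshd[2107]: Failed password for invalid user bob from 198.51.100.23 port 51514 ssh2
Oct  5 03:14:55 host sshd[2110]: Failed password for invalid user a from 192.0.2.1 from 203.0.113.7 port 40200 ssh2
Oct  5 08:00:12 host sshd[2300]: Accepted publickey for alice from 192.0.2.50 port 50022 ssh2
Oct 15 09:00:00 host sshd[4000]: Failed password for root from 198.51.100.99 port 40000 ssh2
Oct  6 00:00:03 host sshd[2500]: Failed password for invalid user Oct  5 from 198.51.100.23 port 51000 ssh2
EOF
}

sample_log | failed_ips_for_day "Oct  5"
```

On a live host, feed it the same files the script reads, for example `cat /var/log/secure* | failed_ips_for_day "$date"`.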