Last active
August 29, 2015 14:14
-
-
Save briantissue/c944e00f4e0888438c87 to your computer and use it in GitHub Desktop.
Use Audit Log To Find Public IP Addresses Hitting RHEL v7.0 Box w/SELINUX
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Daily report of IP addresses that have hit the server | |
| # This script will filter out the private IP addresses | |
| # You could use this script to generate a report for white-lists; or auditing purposes | |
| # Check if root | |
| if [ "$(whoami)" != "root" ]; then | |
| echo "Not running as root. Exiting..." | |
| exit 0 | |
| else | |
| echo "Running as root. Good" | |
| fi | |
| if [ -f "current-audit-log-sorted.txt" ] | |
| then | |
| > current-audit-log-sorted.txt | |
| else | |
| touch current-audit-log-sorted.txt | |
| fi | |
| cat /var/log/audit/audit* | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u | grep -v "^192."|grep -v "^10."|grep -v "^172.*"| sort -n >> current-audit-log-sorted.txt | |
| cat current-audit-log-sorted.txt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment