- Python 77.4%
- Makefile 16.7%
- Shell 5.9%
| .gitignore | ||
| anaAuthLog.path | ||
| anaAuthLog.py | ||
| anaAuthLog.service | ||
| countries.geojson | ||
| cpyLog.bash | ||
| create.sql | ||
| dat2Database.py | ||
| Makefile | ||
| README.md | ||
| requirements.txt | ||
| test.py | ||
| wikipedia-iso-country-codes.csv | ||
Analyse auth.log files in aspects of bad logins
This script will analyse the LOCAL copies of the auth.log files for bad logins and show graphs from where the logins might have come from, how many on which day there were and the 5 most frequently usernames.
For location tracking the whois command needs to be installed. The output of
this command will be used to estimate the location of the bad login (remember,
this can be spoofed via proxy or VPN).
See the requirements.txt for the required python packages, these can be
installed via pip install -r requirements.txt. Note that there can be
version conflicts with globally installed python packages, I therefore use
python virtualenironments. (This should all happen automatically on first use)
See the Makefile for (un)installation of systemd-units to automatically
collect the generated auth.logs.
Usage
- Use
make runto analyse the collceted auth.log files - Consider installing a systemD Unit which collects the auth.log files
automatially via
make install(undo withmake uninstall)
Improvements
The geo tracking requests will be cached to reduce load of the servers of the whois protocol