Script to email failed Ftp login attempts

Shell Script to search Failed Ftp Login Attempts

This Shell script will search the server logs on daily basis and will email you the Failed Ftp Login Attempts of the day. The ftp logs are saved in the /var/log/messages file as by default there is no separate log file for Ftp in Linux.

Create a file /home/script/failedftp.sh and paste the below code:

#!/bin/bash

#Retrieve the current date

CUR_DATE=`date +”%b %e”`

#Create a temporary file to store the logs
touch /tmp/out.txt

echo “List Follows” > /tmp/out.txt

#Search the failed attempts and save in the temporary file

/bin/grep “$CUR_DATE” /var/log/messages | grep pure-ftpd | grep failed >> /tmp/out.txt

#Email the contents of the file to your email address
/bin/mail -s “Failed Ftp Login Attempts on ‘$CUR_DATE’ ” youremail@yourdomain.com < /tmp/out.txt

Save the file. You now have to schedule a cron to execute the file once in a day to search logs. Edit the cron file

crontab -e

and add the following cron job

59 23 * * * /bin/sh /home/script/failedftp.sh

Note:

1) This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.

2) If you copy/paste the script as it is in shell, the single and double quotes may change to dots (.) so make sure you correct them before executing the script.

This entry was posted on Sunday, November 29th, 2009 and is filed under Scripts. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.