{"id":367,"date":"2009-11-29T08:11:50","date_gmt":"2009-11-29T12:11:50","guid":{"rendered":"http:\/\/linuxhostingsupport.net\/blog\/?p=367"},"modified":"2013-06-08T10:27:39","modified_gmt":"2013-06-08T14:27:39","slug":"script-to-email-failed-ftp-login-attempts","status":"publish","type":"post","link":"https:\/\/linuxhostingsupport.net\/blog\/script-to-email-failed-ftp-login-attempts","title":{"rendered":"Script to email failed Ftp login attempts"},"content":{"rendered":"<blockquote><p><span style=\"color: #0000ff;\"><strong>Shell Script to search Failed Ftp Login Attempts<\/strong><\/span><\/p><\/blockquote>\n<p>This Shell script will search the server logs on daily basis and will email you the Failed Ftp Login Attempts of the day. The ftp logs are saved in the \/var\/log\/messages file as by default there is no separate log file for Ftp in Linux.<\/p>\n<p><strong>Create a file \/home\/script\/failedftp.sh<\/strong> and paste the below code:<\/p>\n<blockquote><p><span style=\"color: #0000ff;\"><strong>#!\/bin\/bash<\/strong><\/span><\/p>\n<p><span style=\"color: #0000ff;\">#Retrieve the current date<\/span><\/p>\n<p><span style=\"color: #0000ff;\"><strong>CUR_DATE=`date +&#8221;%b %e&#8221;`<\/strong><\/span><\/p>\n<p><span style=\"color: #0000ff;\">#Create a temporary file to store the logs<strong><br \/>\ntouch \/tmp\/out.txt<\/strong><\/span><\/p>\n<p><span style=\"color: #0000ff;\"><strong>echo &#8220;List Follows&#8221; &gt; \/tmp\/out.txt<\/strong><\/span><\/p>\n<p><span style=\"color: #0000ff;\">#Search the failed attempts and save in the temporary file<\/span><\/p>\n<p><span style=\"color: #0000ff;\"><strong>\/bin\/grep &#8220;$CUR_DATE&#8221; \/var\/log\/messages | grep pure-ftpd | grep failed &gt;&gt; \/tmp\/out.txt<\/strong><\/span><\/p>\n<p><span style=\"color: #0000ff;\">#Email the contents of the file to your email address<strong><br \/>\n\/bin\/mail -s &#8220;Failed Ftp Login Attempts on &#8216;$CUR_DATE&#8217; &#8221; youremail@yourdomain.com &lt; \/tmp\/out.txt<\/strong><\/span><\/p><\/blockquote>\n<p>Save the file. You now have to <strong>schedule a cron to execute the file once in a day<\/strong> to search logs. Edit the cron file<\/p>\n<blockquote><p><span style=\"color: #0000ff;\"><strong>crontab -e<\/strong><\/span><\/p><\/blockquote>\n<p>and add the following cron job<\/p>\n<blockquote><p><span style=\"color: #0000ff;\"><strong>59 23 * * * \/bin\/sh \/home\/script\/failedftp.sh<\/strong><\/span><\/p><\/blockquote>\n<p><strong>Note:<\/strong><\/p>\n<p>1) This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.<\/p>\n<p>2) If you copy\/paste the script as it is in shell, the single and double quotes may change to dots (.) so make sure you correct them before executing the script.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Shell Script to search Failed Ftp Login Attempts<br \/>\nThis Shell script will search the server logs on daily basis and will email you the Failed Ftp Login Attempts of the day. The ftp logs are saved in the \/var\/log\/messages file as by default there is no separate log file for Ftp in Linux.<br \/>\nCreate a file \/home\/script\/failedftp.sh and paste the below code:<br \/>\n#!\/bin\/bash<br \/>\n#Retrieve the current date<br \/>\nCUR_DATE=`date +&#8221;%b %e&#8221;`<br \/>\n#Create a temporary file to store the logs<br \/>\ntouch \/tmp\/out.txt<br \/>\necho &#8220;List Follows&#8221; &gt; \/tmp\/out.txt<br \/>\n#Search the failed attempts and save in the temporary file<br \/>\n\/bin\/grep &#8220;$CUR_DATE&#8221; \/var\/log\/messages [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[106],"tags":[482,478,480,477,481,476,479],"_links":{"self":[{"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/posts\/367"}],"collection":[{"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/comments?post=367"}],"version-history":[{"count":6,"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/posts\/367\/revisions"}],"predecessor-version":[{"id":369,"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/posts\/367\/revisions\/369"}],"wp:attachment":[{"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/media?parent=367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/categories?post=367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxhostingsupport.net\/blog\/wp-json\/wp\/v2\/tags?post=367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}