Open source software security

Getting LogWatch-Like Functionality from Mandrake

30 November -0001

I recently began working with Rackspace, which uses Red Hat enterprise servers. They've got a really neat service on Red Hat called LogWatch. Unfortunately, Mandrake doesn't have anything similar. You can pretty easily replicate the service, though, with a simple shell script and cron. Simply whip together a script to monitor your log files and schedule it. Below is a simple script that reports a lot of useful information to you.

#!/bin/bash
# Daily server report: gathers system and log data and mails it.

# Build the report in a private, unpredictable temp file rather than a fixed
# name in whatever directory cron starts in, and remove it on any exit.
report=$(mktemp) || exit 1
trap 'rm -f "$report"' EXIT

echo "***Uptime***" >> "$report"
uptime >> "$report"

echo "***Disk Usage Report***" >> "$report"
df >> "$report"
echo "" >> "$report"

# Syslog timestamps pad single-digit days with a space, which %e matches.
theDate=$(date +'%b %e')
echo "***Auth Log Report for $theDate***" >> "$report"
echo "" >> "$report"
echo "Failed Attempts:" >> "$report"
echo "______________________________________________" >> "$report"
grep "$theDate.*\(failure\|Failed\|Illegal\)" /var/log/auth.log >> "$report"
echo "" >> "$report"
echo "" >> "$report"
echo "Successful Logins:" >> "$report"
echo "______________________________________________" >> "$report"
grep "$theDate.*Accepted" /var/log/auth.log >> "$report"

echo "" >> "$report"
echo "***Last Logins***" >> "$report"
last >> "$report"
echo "" >> "$report"

echo "" >> "$report"
echo "***Messages***" >> "$report"
grep "$theDate" /var/log/messages >> "$report"
echo "" >> "$report"

echo "" >> "$report"
echo "***Processes Running***" >> "$report"
ps aux >> "$report"
echo "" >> "$report"

# Append a newline to every line (GNU sed) so the mailed report is double-spaced.
sed -e 's/$/\n/' "$report" | mail -s "Server Report" username@domain.tld
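
The script above mails every matching auth.log line as-is. As an added example (not part of the original post), the function below condenses one day's failed SSH password attempts into a count per source address. The function names, host name, users and addresses are constructed for illustration, and the log lines assume OpenSSH's usual "Failed password for ... from ADDR port N ssh2" format.

```shell
#!/bin/bash
# Added example (not from the original post): per-source summary of failed
# SSH logins for one day, instead of the raw grep output.

# Usage: summarize_failures "Mon DD" < /var/log/auth.log
# Prints "<count> <address>" for sshd "Failed password" lines on that date,
# busiest source first.
summarize_failures() {
    awk -v day="$1" '
        # Syslog timestamps begin "Mon DD", day space-padded (date +"%b %e").
        substr($0, 1, 6) == day && /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client and may itself contain
            # " from ...", so trust only the last "from" on the line.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (addr in count) print count[addr], addr }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges, made-up host/users).
sample_log() {
    cat <<'EOF'
Nov  4 23:59:58 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov  5 00:14:02 web1 sshd[2210]: Failed password for root from 203.0.113.7 port 40320 ssh2
Nov  5 00:14:05 web1 sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 40322 ssh2
Nov  5 03:41:17 web1 sshd[2388]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 198.51.100.23 port 51514 ssh2
Nov  5 08:02:44 web1 sshd[2600]: Accepted password for deploy from 192.0.2.50 port 50022 ssh2
Nov  5 09:15:00 web1 sshd[2711]: Failed password for deploy from 192.0.2.50 port 50100 ssh2
Nov 15 09:15:00 web1 sshd[2999]: Failed password for root from 203.0.113.7 port 40999 ssh2
EOF
}

# Demo on the sample; in the report script, read /var/log/auth.log instead.
sample_log | summarize_failures "Nov  5"
```

In the report script this would be called as summarize_failures "$theDate" < /var/log/auth.log >> "$report", ahead of the raw "Failed Attempts" listing.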