+
+ echo "${indent_unit}-->"
+
+ sudo -n netstat -tulnp \
+ | awk -v indent="${indent_unit}${indent_unit}" '
+ NR > 2 && ((/^tcp/ && proc = $7) || (/^udp/ && proc = $6)) {
+ protocol = $1
+ addr = $4
+ port = a[split(addr, a, ":")]
+ name = p[split(proc, p, "/")]
+ names[name] = 1
+ protocols[protocol] = 1
+ if (!seen[protocol, name, port]++)
+ ports[protocol, name, ++seen[protocol, name]] = port
+ }
+
+ END {
+ for (protocol in protocols) {
+ printf "%s%s\t", indent, toupper(protocol)
+ for (name in names) {
+ if (n = seen[protocol, name]) {
+ sep = ""
+ printf "%s:", name
+ for (i = 1; i <= n; i++) {
+ printf "%s%d", sep, ports[protocol, name, i]
+ sep = ","
+ }
+ printf " "
+ }
+ }
+ printf "\n"
+ }
+ }'
+
+ echo "${indent_unit}<->"
+
+ printf '%sTCP: ' "${indent_unit}${indent_unit}"
+ sudo -n netstat -tnp \
+ | awk 'NR > 2 && $6 == "ESTABLISHED" {print $7}' \
+ | awk -F/ '{print $2}' \
+ | sort -u \
+ | xargs \
+ | column -t
+
+ # TODO: iptables summary
+}
+
+ssh_invalid_by_addr() {
+ awk '
+ /: Invalid user/ && $5 ~ /^sshd/ {
+ addr=$10 == "port" ? $9 : $10
+ max++
+ by_addr[addr]++
+ }
+
+ END {
+ for (addr in by_addr)
+ if ((c = by_addr[addr]) > 1)
+ printf "%d %d %s\n", c, max, addr
+ }
+ ' \
+ /var/log/auth.log \
+ /var/log/auth.log.1 \
+ | sort -n -k 1 \
+ | bar_gauge -v width="$(stty size | awk '{print $2}')" -v num=1 -v ch_right=' ' -v ch_left=' ' -v ch_blank=' ' \
+ | column -t
+}
+
+ssh_invalid_by_day() {
+ awk '
+ BEGIN {
+ m["Jan"] = "01"
+ m["Feb"] = "02"
+ m["Mar"] = "03"
+ m["Apr"] = "04"
+ m["May"] = "05"
+ m["Jun"] = "06"
+ m["Jul"] = "07"
+ m["Aug"] = "08"
+ m["Sep"] = "09"
+ m["Oct"] = "10"
+ m["Nov"] = "11"
+ m["Dec"] = "12"
+ }
+
+ /: Invalid user/ && $5 ~ /^sshd/ {
+ day = m[$1] "-" $2
+ max++
+ by_day[day]++
+ }
+
+ END {
+ for (day in by_day)
+ if ((c = by_day[day]) > 1)
+ printf "%d %d %s\n", c, max, day
+ }
+ ' \
+ /var/log/auth.log \
+ /var/log/auth.log.1 \
+ | sort -k 3 \
+ | bar_gauge -v width="$(stty size | awk '{print $2}')" -v num=1 -v ch_right=' ' -v ch_left=' ' -v ch_blank=' ' \
+ | column -t
+}
+
+ssh_invalid_by_user() {
+ awk '
+ /: Invalid user/ && $5 ~ /^sshd/ {
+ user=$8
+ max++
+ by_user[user]++
+ }
+
+ END {
+ for (user in by_user)
+ if ((c = by_user[user]) > 1)
+ printf "%d %d %s\n", c, max, user
+ }
+ ' \
+ /var/log/auth.log \
+ /var/log/auth.log.1 \
+ | sort -n -k 1 \
+ | bar_gauge -v width="$(stty size | awk '{print $2}')" -v num=1 -v ch_right=' ' -v ch_left=' ' -v ch_blank=' ' \
+ | column -t
+}
+
+loggers() {
+ awk '
+ {
+ split($5, prog, "[")
+ sub(":$", "", prog[1]) # if there were no [], than : will is left behind
+ print prog[1]
+ }' /var/log/syslog /var/log/syslog.1 \
+ | awk '
+ {
+ n = split($1, path, "/") # prog may be in path form
+ prog = path[n]
+ total++
+ count[prog]++
+ }
+
+ END {
+ for (prog in count)
+ print count[prog], total, prog
+ }' \
+ | sort -n -k 1 \
+ | bar_gauge -v num=1 -v ch_right=' ' -v ch_left=' ' -v ch_blank=' ' \
+ | column -t