1 #
2
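d() {
  # Look a word up with dict(1), choosing it interactively with fzf from
  # the system word list.
  # Returns: fzf's status when the selection is cancelled (nothing is looked up)
  local word
  # Declaration and assignment are kept apart so a cancelled fzf (non-zero
  # exit) aborts here instead of calling dict with an empty string.
  word=$(fzf < /usr/share/dict/words) || return
  dict "$word"
}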
7
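shell_activity_report() {
  # Histogram of shell activity per hour, grouped by day of week (default)
  # or by month, read from the `history` builtin.
  #
  # Arguments: $1 - grouping: 'mon' | 'dow' (default 'dow')
  # Outputs:   one section per group, one bar per hour, scaled to the busiest hour
  # Returns:   2 on an unknown grouping (usage goes to stderr)
  #
  # TODO: optional concrete number output
  # TODO: optional combinations of granularities: hour, weekday, month, year
  local -r group_by="${1:-dow}"
  case "$group_by" in
    mon|dow) ;;
    *)
      printf 'Usage: %s [mon|dow]\n' "$0" >&2
      # return, not `kill -INT $$`: this file is sourced, so the signal
      # would land on the interactive shell itself.
      return 2
      ;;
  esac
  history \
  | awk -v group_by="$group_by" '
    # Day of week of a Gregorian date, 1 = Monday .. 7 = Sunday.
    # Contract:
    #   y > 1752, 1 <= m <= 12.
    # Source:
    #   Sakamoto`s methods
    #   https://en.wikipedia.org/wiki/Determination_of_the_day_of_the_week#Sakamoto%27s_methods
    function date2dow(y, m, d,    _t, _i) {
      split("0 3 2 5 0 3 5 1 4 6 2 4", _t, " ")  # _t[1..12], one offset per month
      y -= m < 3
      # Each quotient is truncated on its own: int() over the whole sum floors
      # the combined fractional parts and shifts some years (e.g. 2070) by a day.
      _i = (y + int(y / 4) - int(y / 100) + int(y / 400) + _t[m] + d) % 7
      return _i == 0 ? 7 : _i  # Make Sunday last
    }

    {
      # NOTE: $2 & $3 are specific to oh-my-zsh history output
      n_date = split($2, dt, "-")
      n_time = split($3, tm, ":")
      if (n_date && n_time) {
        # +0 coerces the string fields to numbers
        year  = dt[1] + 0
        month = dt[2] + 0
        day   = dt[3] + 0
        hour  = tm[1] + 0
        g = group_by == "mon" ? month : date2dow(year, month, day)  # dow is default
        # Pre-increment so max tracks the real count (post-increment left it one short).
        c = ++count[g, hour]
        if (c > max)
          max = c
      }
    }

    END {
      split("Monday Tuesday Wednesday Thursday Friday Saturday Sunday", w, " ")
      split("January February March April May June July August September October November December", m, " ")

      n = group_by == "mon" ? 12 : 7  # dow is default
      # No parsable history line: print the empty grid instead of dividing by zero.
      if (max == 0)
        max = 1

      for (gid = 1; gid <= n; gid++) {
        printf "%s\n", (group_by == "mon" ? m[gid] : w[gid])
        for (hour = 0; hour < 24; hour++) {
          c = count[gid, hour]
          printf " %2d ", hour
          for (i = 1; i <= (c * 100) / max; i++)
            printf "|"
          printf "\n"
        }
      }
    }'
}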
104
top_commands() {
  # The 50 most frequently used commands in `history`, each with a bar
  # scaled to the most frequent one.
  # NOTE: $4 as the command field matches oh-my-zsh history output.
  history \
  | awk '{ seen[$4]++ } END { for (cmd in seen) print seen[cmd], cmd }' \
  | sort -n -r -k 1 \
  | head -50 \
  | awk '
    {
      names[NR] = $2
      hits[NR] = $1 + 0  # + 0 coerces the string to a number
      max = hits[NR] > max ? hits[NR] : max
    }

    END {
      for (row = 1; row <= NR; row++) {
        printf "%s %d ", names[row], hits[row]
        bar_len = (hits[row] * 100) / max
        for (tick = 1; tick <= bar_len; tick++)
          printf "|"
        printf "\n"
      }
    }' \
  | column -t
}
138
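# Top Disk-Using directories
# TODO: Consider using numfmt instead of awk
tdu() {
  # Arguments: $1 - directory to measure with du(1)
  # Outputs:   "GiB percent-of-largest path" for the 50 largest entries,
  #            smallest first (head limits the work, tac flips the order)
  du "$1" \
  | awk '
    {
      size = $1 + 0
      path = $0
      sub("^" $1 "\t+", "", path)  # du separates size and path with a tab
      paths[path] = size
      if (size > max)
        max = size
    }

    END {
      # Every entry at 0 (e.g. an empty tree on tmpfs) used to be a fatal
      # division by zero; report 0% instead.
      if (max == 0)
        max = 1
      for (path in paths) {
        size = paths[path]
        pct = 100 * (size / max)
        gb = size / 1024 / 1024  # du reports 1K blocks
        printf("%6.2f %3d%% %s\n", gb, pct, path)
      }
    }
  ' \
  | sort -r -n -k 1 \
  | head -50 \
  | tac
}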
167
168 # Top Disk-Using Files
169 tduf() {
170 find "$1" -type f -printf '%s\t%p\0' \
171 | sort -z -n -k 1 \
172 | tail -z -n 50 \
173 | gawk -v RS='\0' '
174 {
175 size = $1
176 path = $0
177 sub("^" $1 "\t+", "", path)
178 gb = size / 1024 / 1024 / 1024
179 printf("%f\t%s\n", gb, path)
180 }'
181 }
182
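# Most-recently modified file system objects
recent() {
  # Arguments: find(1) arguments (paths and predicates), all optional
  # Outputs:   "date time path" lines, newest first, as many as fit the
  #            terminal; a "[INFO] Total found" line via tee
  #
  # NOTES:
  # - intentionally not quoting the parameters, so that some can be ignored
  #   if not passed, rather than be passed to find as an empty string;
  # - %T+ is a GNU extension;
  # - gawk is able to split records on \0, while awk cannot.
  local rows
  # stty fails without a terminal, which used to leave head with an empty
  # line count; fall back to a fixed height instead.
  rows=$(stty size 2> /dev/null | awk 'NR == 1 {print $1 - 5}')
  : "${rows:=20}"
  # shellcheck disable=SC2068
  find $@ -printf '%T@ %T+ %p\0' \
  | tee >(gawk -v RS='\0' 'END { printf("[INFO] Total found: %d\n", NR); }') \
  | sort -z -k 1 -n -r \
  | head -z -n "$rows" \
  | gawk -v RS='\0' '
    {
      sub("^" $1 " +", "")  # Remove epoch time
      sub(/\+/, " ")        # Blank-out the default date/time separator (literal "+")
      sub(/\.[0-9]+/, "")   # Remove fractional seconds
      print
    }'
}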
202
recent_dirs() {
  # Most-recently modified directories under $1 (see recent).
  local -r root="$1"
  recent "$root" -type d
}
206
recent_files() {
  # Most-recently modified regular files under $1 (see recent).
  local -r root="$1"
  recent "$root" -type f
}
210
pa_def_sink() {
  # Print the name of PulseAudio's default sink (third field of the
  # "Default Sink:" line of `pactl info`).
  pactl info | awk '$1 == "Default" && $2 == "Sink:" {print $3}'
}
214
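void_pkgs() {
  # Search Void Linux x86_64 packages via the xq-api and print the result list.
  # Arguments: $1 - query string
  # The query goes through --data-urlencode so spaces and '&' in $1 cannot
  # alter the request (it was previously spliced into the URL verbatim).
  curl -G --data-urlencode "q=$1" 'https://xq-api.voidlinux.org/v1/query/x86_64' | jq '.data'
}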
218
# Colorful man
man() {
  # Run the real man(1) with less(1) termcap colours set. The subshell keeps
  # the variables out of the caller's environment, as the per-command
  # assignments did.
  #
  # mb: begin blink
  # md: begin bold
  # me: end bold, blink and underline
  #
  # so: begin standout (reverse video)
  # se: end standout
  #
  # us: begin underline
  # ue: end underline
  (
    export LESS_TERMCAP_md=$'\e[01;30m'
    export LESS_TERMCAP_me=$'\e[0m'
    export LESS_TERMCAP_so=$'\e[01;44;33m'
    export LESS_TERMCAP_se=$'\e[0m'
    export LESS_TERMCAP_us=$'\e[01;33m'
    export LESS_TERMCAP_ue=$'\e[0m'
    command man "$@"
  )
}
239
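# new experiment
x() {
  # cd into the directory printed by ~/bin/x for the given arguments.
  # Returns: non-zero (and stays put) when ~/bin/x or cd fails
  local dir
  # "$@" keeps arguments with spaces intact; return rather than kill -INT $$
  # because this file is sourced into the interactive shell.
  dir=$(~/bin/x "$@") || return
  cd "$dir" || return
}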
244
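hump() {
  # Run the ocaml toplevel under ledit with the line width of the terminal.
  # Arguments: passed through to ocaml, quoted so none are re-split.
  ledit -l "$(stty size | awk '{print $2}')" ocaml "$@"
}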
248
howto() {
  # Pick one of the HOWTO files with fzf and print it.
  local -r howto_dir="$HOME/arc/doc/HOWTOs"
  local chosen
  chosen=$(find "$howto_dir" -mindepth 1 -maxdepth 1 | sort | fzf)
  cat "$chosen"
}
252
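_yt() {
  # Download a video into "<base_dir>/<sanitised title>--<id>", keeping the
  # source URI, description and info JSON next to it.
  # Arguments: $1 - base directory, $2 - URI, $3 - extra youtube-dlc options
  #            (a whitespace-separated string, split on purpose)
  # Returns:   non-zero as soon as the id/title lookup, mkdir or cd fails
  local -r base_dir="$1"
  local -r uri="$2"
  local -r opts="$3"

  # Declaration and assignment kept apart so a failing lookup is not masked
  # by `local` succeeding.
  local id title
  id=$(youtube-dlc --get-id "$uri") || return
  [ -n "$id" ] || return 1
  title=$(youtube-dlc --get-title "$uri" | sed 's/[^A-Za-z0-9._-]/_/g') || return
  local -r dir="${base_dir}/${title}--${id}"

  mkdir -p "$dir" || return
  cd "$dir" || return
  printf '%s\n' "$uri" > 'uri'
  # shellcheck disable=SC2086 -- $opts is an option string, word-splitting is intended
  youtube-dlc $opts -c --write-description --write-info-json "$uri"
}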
267
yt_audio() {
  # Audio-only download (format 140) of $1 under $DIR_YOUTUBE_AUDIO.
  _yt "${DIR_YOUTUBE_AUDIO}/individual" "$1" '-f 140'
}
272
yt_video() {
  # Video download of $1 under $DIR_YOUTUBE_VIDEO.
  _yt "${DIR_YOUTUBE_VIDEO}/individual" "$1"
}
277
gh_fetch_repos() {
  # Fetch the repository list of a GitHub account as JSON (one page, up to
  # 10000 entries).
  # Arguments: $1 - 'users' | 'orgs', $2 - account name
  local -r user_type="$1"
  local -r user_name="$2"
  local -r url="https://api.github.com/${user_type}/${user_name}/repos?page=1&per_page=10000"

  curl "$url"
}
284
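gh_clone() {
  # Clone every non-fork repository of a GitHub account into
  # "$DIR_GITHUB/<name>", 25 clones in parallel.
  # Arguments: $1 - 'users' | 'orgs', $2 - account name
  # Returns:   non-zero if the target directory cannot be created or entered
  local -r gh_user_type="$1"
  local -r gh_user_name="$2"

  local -r gh_dir="${DIR_GITHUB}/${gh_user_name}"
  # return, not kill -INT $$: the file is sourced into the interactive shell.
  mkdir -p "$gh_dir" || return
  cd "$gh_dir" || return
  gh_fetch_repos "$gh_user_type" "$gh_user_name" \
  | jq --raw-output '.[] | select(.fork | not) | .git_url' \
  | parallel -j 25 \
    git clone {}
}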
297
gh_clone_user() {
  # Clone all repositories of GitHub user $1 (see gh_clone).
  local -r name="$1"
  gh_clone 'users' "$name"
}
301
gh_clone_org() {
  # Clone all repositories of GitHub organisation $1 (see gh_clone).
  local -r name="$1"
  gh_clone 'orgs' "$name"
}
305
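gh_clone_repo() {
  # Clone a single https://github.com/<user>/<repo> URL into "$DIR_GITHUB/<user>".
  # Arguments: $1 - repository URL
  # Returns:   1 when $1 is not a GitHub https URL; non-zero on mkdir/cd failure
  local gh_username gh_dir
  # With -F / the URL splits into "https:", "", "github.com", "<user>", ...
  # The previous pattern was mis-quoted (the awk program was a string
  # expression, always true) and so accepted any URL.
  gh_username=$(printf '%s\n' "$1" | awk -F / '$1 == "https:" && $3 == "github.com" {print $4}')
  if [ -z "$gh_username" ]; then
    printf 'gh_clone_repo: not a https://github.com/<user>/<repo> URL: %s\n' "$1" >&2
    return 1
  fi
  gh_dir="${DIR_GITHUB}/${gh_username}"
  mkdir -p "$gh_dir" || return
  cd "$gh_dir" || return
  git clone "$1"
}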
313
work_log_template() {
  # Print the skeleton of a daily work log: today's date as a heading,
  # the morning-report sections and a notes heading.
  local today
  today=$(date '+%F %A')
  printf '%s\n' \
    "$today" \
    '==========' \
    '' \
    'Morning report' \
    '--------------' \
    '' \
    '### Prev' \
    '' \
    '### Curr' \
    '' \
    '### Next' \
    '' \
    '### Blockers' \
    '' \
    "Day's notes" \
    '-----------'
}
334
work_log() {
  # Open today's work log in vim, creating it from work_log_template first
  # if it does not exist yet.
  mkdir -p "$DIR_WORK_LOG"
  local -r today_log="${DIR_WORK_LOG}/daily-$(date +%F).md"
  [ -f "$today_log" ] || work_log_template > "$today_log"
  vim -c 'set spell' "$today_log"
}
345
note() {
  # Open a new timestamped note "<stamp>--<title>.md" under $DIR_NOTES in vim.
  # Arguments: $1 - note title (used verbatim in the file name)
  local -r stamp=$(date +'%Y_%m_%d--%H_%M_%S%z')
  mkdir -p "$DIR_NOTES"
  vim -c 'set spell' "${DIR_NOTES}/${stamp}--${1}.md"
}
350
weather() {
  # Fetch the wttr.in v2 report for $1, or for $WEATHER_LOCATION when $1 is empty.
  local -r _weather_location="${1:-$WEATHER_LOCATION}"
  curl "http://wttr.in/$_weather_location?format=v2"
}
359
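_bt_devs_infos() {
  # Read bluetoothctl "Device <addr> <name>" lines on stdin and print the
  # "Device ..." and "<Tab>Key: value" lines of `info <addr>` for each.
  #
  # grep's definition of a line does not include \r, while awk's does and
  # bluetoothctl outputs \r, hence awk rather than grep.
  awk '/^Device +/ {print $2}' \
  | xargs -r -I% sh -c 'echo "info $1" | bluetoothctl' _ % \
  | awk '/^Device |^\t[A-Z][A-Za-z0-9]+: /'
}
  # -r: no devices means no bluetoothctl run (GNU xargs otherwise runs the
  #     command once with an empty substitution).
  # The address is passed as $1 instead of being substituted into the shell
  # source, so nothing in it is interpreted by sh.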
367
bt_devs_paired() {
  # Details of every paired Bluetooth device (see _bt_devs_infos).
  printf '%s\n' 'paired-devices' | bluetoothctl | _bt_devs_infos
}
371
bt_devs() {
  # Details of every known Bluetooth device (see _bt_devs_infos).
  printf '%s\n' 'devices' | bluetoothctl | _bt_devs_infos
}
375
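run() {
  # Run a command, mirror its stderr to a temp file, then raise a desktop
  # notification with its exit status and captured stderr.
  # Arguments: the command and its arguments
  # Returns:   status of the final rm (the job's status is in the notification)
  local stderr
  stderr=$(mktemp) || return

  local code urgency

  # "$@" keeps the job's arguments intact (an unquoted $@ re-split them).
  "$@" 2> >(tee -- "$stderr")
  code=$?
  case "$code" in
    0) urgency='normal';;
    *) urgency='critical';;
  esac
  # NOTE(review): the tee in the process substitution is not waited for, so
  # the file may still be incomplete when it is read here — confirm on a
  # chatty job.
  notify-send -u "$urgency" "Job done: $code" "$(cat -- "$stderr")"
  rm -f -- "$stderr"
}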
390
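bar_gauge() {
  # Render "cur max [label]" lines from stdin as horizontal bars.
  # Arguments: awk -v assignments tuning the output:
  #            width (80), ch_left ("["), ch_right ("]"), ch_blank ("-"),
  #            ch_used ("|"), num=1 to print "cur/max", pct=1 to print a percentage
  # Outputs:   one bar line per input line
  awk "$@" '
    BEGIN {
      # CLI options with their defaults
      width = width ? width : 80
      ch_left = ch_left ? ch_left : "["
      ch_right = ch_right ? ch_right : "]"
      ch_blank = ch_blank ? ch_blank : "-"
      ch_used = ch_used ? ch_used : "|"
      num = num ? 1 : 0
      pct = pct ? 1 : 0
    }

    {
      cur = $1
      max = $2
      lab = $3

      cur_scaled = num_scale(cur, max, 1, width)

      printf \
        "%s%s%s%s", \
        lab ? lab " " : "", \
        num ? cur "/" max " " : "", \
        pct ? sprintf("%3.0f%% ", max ? cur / max * 100 : 0) : "", \
        ch_left
      for (i=1; i<=width; i++) {
        c = i <= cur_scaled ? ch_used : ch_blank
        printf "%s", c
      }
      printf "%s\n", ch_right
    }

    # Map src_cur in [0, src_max] onto [dst_min, dst_max].
    # A zero src_max (empty total, missing value) used to be a fatal
    # division by zero for the whole pipeline; it now yields an empty bar.
    function num_scale(src_cur, src_max, dst_min, dst_max) {
      if (src_max == 0)
        return 0
      return dst_min + ((src_cur * (dst_max - dst_min)) / src_max)
    }
  '
}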
429
flat_top_5() {
  # Read "cur max name" lines, keep the 5 with the largest cur and print
  # them on one line as "name pct%, name pct%, ...".
  sort -n -k 1 -r \
  | head -5 \
  | awk '
    {
      printf "%s%s %.2f%%", (NR > 1 ? ", " : ""), $3, $1 / $2 * 100
    }

    END {printf "\n"}
  '
}
446
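internet_addr() {
  # Print the public IPv4 address as seen by api.ipify.org.
  # Arguments: $1 - curl timeout in seconds (default 1)
  # Outputs:   the address, or curl's error text (stderr is merged into stdout)
  #
  # ${1:-1} supplies the default; the previous ${1:=1} tried to assign to $1,
  # which bash rejects, so every call without an argument failed.
  curl --silent --show-error --max-time "${1:-1}" 'https://api.ipify.org' 2>&1
}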
450
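status_batt() {
  # Print the charge of the UPower display device as a "cur max label" triple
  # for bar_gauge: "<percent> 100 batt". Linux with upower only; prints
  # nothing elsewhere or when no battery is reported.
  case "$(uname)" in
    'Linux')
      # command -v is a builtin and portable, unlike which(1)
      if command -v upower > /dev/null
      then
        upower --dump \
        | awk '
          /^Device:[ \t]+/ {
            device["path"] = $2
            next
          }

          / battery/ && device["path"] {
            device["is_battery"] = 1
            next
          }

          / percentage:/ && device["is_battery"] {
            device["battery_percentage"] = $2
            sub("%$", "", device["battery_percentage"])
            next
          }

          # Devices are separated by blank lines; only the aggregate
          # DisplayDevice is reported.
          /^$/ {
            if (device["is_battery"] && device["path"] == "/org/freedesktop/UPower/devices/DisplayDevice")
              print device["battery_percentage"], 100, "batt"
            delete device
          }
        '
      fi
      ;;
  esac
}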
484
indent() {
  # Prefix every stdin line with $1.
  local -r prefix="$1"
  awk -v unit="$prefix" '{print unit $0}'
}
488
status() {
  # Print a host status report: system identity, tmux/process accounting,
  # memory/disk/battery gauges, per-process memory, hwmon temperatures,
  # network interfaces and listening/established sockets.
  # Globals:  uses flat_top_5, bar_gauge, status_batt and indent from this file.
  # Requires: figlet, column, ifconfig/iwconfig, and passwordless sudo for
  #           netstat (see the WARN below).
  local -r indent_unit=' '

  uname -srvmo
  hostname | figlet
  uptime

  echo

  echo 'accounting'

  # wc -l on an empty (silenced) tmux listing yields 0, so "no server" reads as 0/0.
  printf '%stmux\n%ssessions %d, clients %d\n' \
    "$indent_unit" \
    "${indent_unit}${indent_unit}" \
    "$(tmux list-sessions 2> /dev/null | wc -l)" \
    "$(tmux list-clients 2> /dev/null | wc -l)"

  echo

  printf '%sprocs by user\n' "${indent_unit}"
  # "count total user" triples, as flat_top_5 expects
  ps -eo user \
  | awk '
    NR > 1 {
      count_by_user[$1]++
      total++
    }

    END {
      for (user in count_by_user)
        print count_by_user[user], total, user
    }
  ' \
  | flat_top_5 \
  | indent "${indent_unit}${indent_unit}"

  echo

  echo 'resources'
  # Each line is "used total label" for bar_gauge.
  (
    free | awk '$1 == "Mem:" {print $3, $2, "mem"}'
    df ~ | awk 'NR == 2 {print $3, $3 + $4, "disk"}'
    status_batt
  ) \
  | bar_gauge -v width=60 -v pct=1 \
  | column -t \
  | indent "$indent_unit"

  echo

  printf '%smem by proc\n' "$indent_unit"
  # RSS summed per executable basename; $2 is only the first word of cmd.
  ps -eo rss,cmd \
  | awk -v total="$(free | awk '$1 == "Mem:" {print $2; exit}')" '
    NR > 1 {
      rss = $1
      cmd = $2
      n = split(cmd, path, "/") # _may_ be a path
      proc = path[n]
      by_proc[proc] += rss
    }

    END {
      for (proc in by_proc)
        print by_proc[proc], total, proc
    }
  ' \
  | flat_top_5 \
  | indent "${indent_unit}${indent_unit}"

  echo

  local _dir temp_input label_file label

  printf '%sthermal\n' "$indent_unit"
  # One hwmon chip per directory: its name, then each tempN_input in
  # millidegrees, with the matching tempN_label when present.
  for _dir in /sys/class/hwmon/hwmon*; do
    cat "$_dir"/name
    find "$_dir"/ -name 'temp*_input' \
    | while read -r temp_input; do
      label_file=${temp_input//_input/_label}
      if [ -f "$label_file" ]; then
        label=$(< "$label_file")
      else
        label=''
      fi
      awk -v label="$label" '{
        if (label)
          label = sprintf(" (%s)", label)
        printf("%.2f°C%s\n", $1 / 1000, label)
      }' \
      "$temp_input"
    done \
    | sort \
    | indent "$indent_unit"
  done \
  | indent "${indent_unit}${indent_unit}"

  echo 'net'
  #local -r internet_addr=$(internet_addr 0.5)
  #local -r internet_ptr=$(host -W 1 "$internet_addr" | awk 'NR == 1 {print $NF}' )

  #echo "${indent_unit}internet"
  #echo "${indent_unit}${indent_unit}$internet_addr $internet_ptr"
  echo "${indent_unit}if"
  # Parse the combined ifconfig/iwconfig output: an unindented line starts a
  # device (iwconfig lines carry ESSID:"..." in $4), indented "inet" lines
  # give the address, "Link Quality=cur/max" lines the link percentage.
  (ifconfig; iwconfig) 2> /dev/null \
  | awk '
    /^[^ ]/ {
      device = $1
      sub(":$", "", device)
      if ($4 ~ "ESSID:") {
        _essid = $4
        sub("^ESSID:\"", "", _essid)
        sub("\"$", "", _essid)
        essid[device] = _essid
      }
      next
    }

    /^ / && $1 == "inet" {
      address[device] = $2
      next
    }

    /^ +Link Quality=[0-9]+\/[0-9]+ +Signal level=/ {
      split($2, lq_parts_eq, "=")
      split(lq_parts_eq[2], lq_parts_slash, "/")
      cur = lq_parts_slash[1]
      max = lq_parts_slash[2]
      link[device] = cur / max * 100
      next
    }

    END {
      for (device in address)
        if (device != "lo") {
          l = link[device]
          e = essid[device]
          l = l ? sprintf("%.0f%%", l) : "--"
          e = e ? e : "--"
          print device, address[device], e, l
        }
    }
  ' \
  | column -t \
  | indent "${indent_unit}${indent_unit}"

  # WARN: ensure: $USER ALL=(ALL) NOPASSWD:/bin/netstat
  # NOTE(review): that rule allows every netstat invocation as root, not only
  # the two read-only ones below; keep it as narrow as the host permits.

  echo "${indent_unit}-->"

  # Listening sockets grouped as PROTO<TAB>name:port,port ... The assignment
  # inside the pattern (proc = $7 / $6) is deliberate: the PID/Program column
  # sits at a different field for tcp and udp lines.
  sudo -n netstat -tulnp \
  | awk -v indent="${indent_unit}${indent_unit}" '
    NR > 2 && ((/^tcp/ && proc = $7) || (/^udp/ && proc = $6)) {
      protocol = $1
      addr = $4
      port = a[split(addr, a, ":")]
      name = p[split(proc, p, "/")]
      names[name] = 1
      protocols[protocol] = 1
      if (!seen[protocol, name, port]++)
        ports[protocol, name, ++seen[protocol, name]] = port
    }

    END {
      for (protocol in protocols) {
        printf "%s%s\t", indent, toupper(protocol)
        for (name in names) {
          if (n = seen[protocol, name]) {
            sep = ""
            printf "%s:", name
            for (i = 1; i <= n; i++) {
              printf "%s%d", sep, ports[protocol, name, i]
              sep = ","
            }
            printf " "
          }
        }
        printf "\n"
      }
    }'

  echo "${indent_unit}<->"

  # Program names holding ESTABLISHED TCP connections, deduplicated, on one line.
  printf '%sTCP: ' "${indent_unit}${indent_unit}"
  sudo -n netstat -tnp \
  | awk 'NR > 2 && $6 == "ESTABLISHED" {print $7}' \
  | awk -F/ '{print $2}' \
  | sort -u \
  | xargs \
  | column -t

  # TODO: iptables summary
}
680
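ssh_invalid_by_addr() {
  # Bar chart of sshd "Invalid user" attempts per source address, from the
  # current and previous auth.log; addresses seen only once are dropped.
  # Outputs:  "count total addr" bars (bar_gauge), widest terminal column
  # Returns:  1 when no auth log is readable
  #
  # Field numbers assume traditional syslog lines:
  #   "Mon DD HH:MM:SS host sshd[pid]: Invalid user NAME from ADDR port N"
  local -a logs=()
  local log
  for log in /var/log/auth.log /var/log/auth.log.1; do
    # A missing rotated file used to abort awk before any output.
    [ -r "$log" ] && logs+=("$log")
  done
  if [ "${#logs[@]}" -eq 0 ]; then
    printf 'ssh_invalid_by_addr: no readable auth log\n' >&2
    return 1
  fi

  awk '
    /: Invalid user/ && $5 ~ /^sshd/ {
      # An empty user name shifts the remaining fields left by one.
      addr = $10 == "port" ? $9 : $10
      total++
      by_addr[addr]++
    }

    END {
      for (addr in by_addr)
        if ((c = by_addr[addr]) > 1)
          printf "%d %d %s\n", c, total, addr
    }
  ' "${logs[@]}" \
  | sort -n -k 1 \
  | bar_gauge -v width="$(stty size 2> /dev/null | awk '{print $2}')" -v num=1 -v ch_right=' ' -v ch_left=' ' -v ch_blank=' ' \
  | column -t
}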
701
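ssh_invalid_by_day() {
  # Bar chart of sshd "Invalid user" attempts per day ("MM-DD"), from the
  # current and previous auth.log; days with a single attempt are dropped.
  # Outputs:  "count total MM-DD" bars (bar_gauge), widest terminal column
  # Returns:  1 when no auth log is readable
  #
  # Field numbers assume traditional syslog lines:
  #   "Mon DD HH:MM:SS host sshd[pid]: Invalid user NAME from ADDR port N"
  local -a logs=()
  local log
  for log in /var/log/auth.log /var/log/auth.log.1; do
    # A missing rotated file used to abort awk before any output.
    [ -r "$log" ] && logs+=("$log")
  done
  if [ "${#logs[@]}" -eq 0 ]; then
    printf 'ssh_invalid_by_day: no readable auth log\n' >&2
    return 1
  fi

  awk '
    BEGIN {
      split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
      for (i = 1; i <= 12; i++)
        m[names[i]] = sprintf("%02d", i)
    }

    /: Invalid user/ && $5 ~ /^sshd/ {
      # syslog has no year, so days are keyed "MM-DD" only.
      day = m[$1] "-" $2
      total++
      by_day[day]++
    }

    END {
      for (day in by_day)
        if ((c = by_day[day]) > 1)
          printf "%d %d %s\n", c, total, day
    }
  ' "${logs[@]}" \
  | sort -n -k 1 \
  | bar_gauge -v width="$(stty size 2> /dev/null | awk '{print $2}')" -v num=1 -v ch_right=' ' -v ch_left=' ' -v ch_blank=' ' \
  | column -t
}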
737
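ssh_invalid_by_user() {
  # Bar chart of sshd "Invalid user" attempts per attempted user name, from
  # the current and previous auth.log; names seen only once are dropped.
  # Outputs:  "count total user" bars (bar_gauge), widest terminal column
  # Returns:  1 when no auth log is readable
  #
  # Field numbers assume traditional syslog lines:
  #   "Mon DD HH:MM:SS host sshd[pid]: Invalid user NAME from ADDR port N"
  local -a logs=()
  local log
  for log in /var/log/auth.log /var/log/auth.log.1; do
    # A missing rotated file used to abort awk before any output.
    [ -r "$log" ] && logs+=("$log")
  done
  if [ "${#logs[@]}" -eq 0 ]; then
    printf 'ssh_invalid_by_user: no readable auth log\n' >&2
    return 1
  fi

  awk '
    /: Invalid user/ && $5 ~ /^sshd/ {
      # NOTE: an empty user name makes $8 the word "from"; such lines are
      # counted under that token.
      user = $8
      total++
      by_user[user]++
    }

    END {
      for (user in by_user)
        if ((c = by_user[user]) > 1)
          printf "%d %d %s\n", c, total, user
    }
  ' "${logs[@]}" \
  | sort -n -k 1 \
  | bar_gauge -v width="$(stty size 2> /dev/null | awk '{print $2}')" -v num=1 -v ch_right=' ' -v ch_left=' ' -v ch_blank=' ' \
  | column -t
}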
758
loggers() {
  # Bar chart of syslog lines per logging program (current and previous
  # syslog), program names reduced to their basename.
  awk '
    {
      # $5 is "prog[pid]:" or "prog:"; keep only prog.
      split($5, prog, "[")
      sub(":$", "", prog[1])  # no "[pid]" leaves the ":" attached
      print prog[1]
    }' /var/log/syslog /var/log/syslog.1 \
  | awk '
    {
      depth = split($1, parts, "/")  # prog may be given as a path
      name = parts[depth]
      total++
      count[name]++
    }

    END {
      for (name in count)
        print count[name], total, name
    }' \
  | sort -n -k 1 \
  | bar_gauge -v num=1 -v ch_right=' ' -v ch_left=' ' -v ch_blank=' ' \
  | column -t
}