From ae23e5e390ca695733c7cb531cce109aee7ad6a5 Mon Sep 17 00:00:00 2001
From: Siraaj Khandkar <siraaj@khandkar.net>
Date: Mon, 2 Nov 2020 05:18:58 -0500
Subject: [PATCH] Implement ssh_invalid_attempts_from counter gauge

---
 home/lib/login_functions.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/home/lib/login_functions.sh b/home/lib/login_functions.sh
index 243f15f..a161d4b 100644
--- a/home/lib/login_functions.sh
+++ b/home/lib/login_functions.sh
@@ -569,3 +569,25 @@ motd() {
     | column -t \
     | indent "${indent_unit}"
 }
+
+ssh_invalid_attempts_from() {
+    awk '
+        /: Invalid user/ && $5 ~ /^sshd/ {
+            u=$8
+            addr=$10 == "port" ? $9 : $10
+            max++
+            curr[addr]++
+        }
+
+        END {
+            for (addr in curr)
+                if ((c = curr[addr]) > 1)
+                    print c, max, addr
+        }
+        ' \
+        /var/log/auth.log \
+        /var/log/auth.log.1 \
+    | sort -n -k 1 \
+    | bar_gauge -v width=80 -v num=1 -v ch_right=' ' -v ch_left=' ' -v ch_blank=' ' \
+    | column -t
+}
-- 
2.20.1