One Hat Cyber Team

Your IP : 3.148.145.200

Server IP : 192.145.235.60

Server : Linux ngx365.inmotionhosting.com 5.14.0-427.33.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Aug 30 09:45:56 EDT 2024 x86_64

Server Software : Apache

PHP Version : 8.2.27

Buat File | Buat Folder

Dir : ~/opt/sharedrads/

Edit File: check_pop3

#!/usr/bin/bash
# Changelog
# 2011-06-01:wtg  Changed --failed_login to use $LINES variable and also show domains

LINESDEF="120000";
LINES=$LINESDEF
if [ $# -eq 3 ] && [ "$2" == "--lines" ];
then
        LINES=$3;
        #echo $LINES;
fi
#echo $LINES
function printUsage () {
    echo "This script will check /var/log/maillog for a few common issues:"

echo =Check Basic Login Info=
    echo;echo "$0 --login_email"
    echo "Prints the email addresses with the most logins.";echo;

echo;echo "$0 --login_ip"
    echo "Prints the IP addresses with the most logins.";echo;

echo;echo "$0 --login_failed"
    echo "Prints highest number of failed logins by IP, address, and the both Address and IP.";echo;

echo;echo "$0 --option --lines NUMLINES"
    echo "This will execute the option, checking NUMLINES back throgh the log file (default is ${LINESDEF})"

echo;echo "$0 --checkerror";
    echo "Checks to see if you are hitting the maximum number allowed connections";
    echo "(Use this if you get complaints of webmail/IMAP being 'slow'!";

echo;echo "$0 --help"
    echo "You're looking at it!"
}
case $1 in
--login_ip)
    tail -${LINES-45000} /var/log/maillog | grep pop3d | awk '{print $8}' | sed -e '/^$/d' | sort | uniq -c | sort -nk1
    ;;

--login_email)
    tail -${LINES-45000} /var/log/maillog | grep pop3d | awk '/LOGIN/{print $7}' | sort | uniq -c | sort -nk1 | tail -2
    ;;

--login_failed)
    echo "=Sorted by IP="
    tail -${LINES-45000} /var/log/maillog | grep pop3d | awk '/LOGIN FAILED/{print $9 }' | sort | uniq -c | sort -nk1 | tail -15
    echo "=Sorted by Address="
    tail -${LINES-45000} /var/log/maillog | grep pop3d | awk '/LOGIN FAILED/{print $8 }' | sort | uniq -c | sort -nk1 | tail -15
    echo "=Sorted by Domain="
    tail -${LINES-45000} /var/log/maillog | grep pop3d | awk '/LOGIN FAILED/{gsub(/user=.*@/,"",$0);print $8 }' | sort | uniq -c | sort -nk1 | tail -15
    echo "=Sorted by Address and IP="
    tail -${LINES-45000} /var/log/maillog | grep pop3d | awk '/LOGIN FAILED/{print $8, $9}' | sort | uniq -c | sort -nk1 | tail -15
    ;;
--checkerror)
    tail -${LINES-45000} /var/log/maillog |grep "maximum active connections";
    ;;

--help)
    printUsage;
    exit 0
    ;;
*)
    printUsage;
    exit 1
    ;;
esac